tags:

views:

90

answers:

1
Q: 

Why I can't send a post method in RoR?

I have this method to post the value to the "/store/add_to_cart"

<form action = "/store/add_to_cart" method="post">
<% for product in @products -%>
<div class   = "entry">
<%= product.title %>
<%= product.price %>
<p>
</div>
<% end %>
<%= select( "payment", "id", { "Visa" => "1", "Mastercard" => "2"}) %>
<%= submit_tag 'Make Order' %>
</form>

In the /store/add_to_cart.html.erb, I created :

<%= params.length %>
<% for i in params%>
<%=i%>
<br/>

<% end %>

But I get this error: ActionController::InvalidAuthenticityToken in StoreController#add_to_cart

What's happen? but after I change it to the get method, I can get all the params, wt's happen?

+8  A: 

You are not using rails form_for helper to generate the <form> HTML markup, what this method does in addition is to add a hidden input field that is used to prevent CSRF attacks.

You have three options:

  1. Use the form_for, form_tag... helper
  2. Include the hidden input yourself
  3. Disable the CSRF support
Zoran Regvart  2009-12-27 12:11:33
How can I change my code to form_for helper way?
Ted Wong  2009-12-27 12:17:14
Something like:<% form_for controller => 'store', :action => add_to_cart, :html => {:method => :post} do |f| %>...<% end %>but that's just not DRY enough, I would recommend that you do a more RESTful design, checkout: http://nubyonrails.com/articles/peepcode-rest-basics, http://ryandaigle.com/articles/2006/08/01/whats-new-in-edge-rails-simply-restful-support-and-how-to-use-it, http://www.b-simple.de/download/restful_rails_en.pdf (PDF)
Zoran Regvart  2009-12-27 12:51:31

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?