I generate a small form via render_to_string , and for some reason the CSRF token is not generated correctly (i.e. it is different from the header, and the user logs out of the submit, as well as "Unable to validate CSRF token" in the logs). Here is the relevant code:
Controller:
def publish @question = @event.questions.find(params[:id]) @question.update_attribute(:published, true) unless @question.published? Pusher[@event.to_param].trigger('new_question', question: render_question) redirect_to event_path(@event) end private def render_question render_to_string('questions/_unanswered_question', locals: {question: @question}, layout: false) end def fetch_event @event ||= current_user.events.find(params[:event_id]) end
I use Pusher, but you can assume that it just displays on the page using this Javascript:
$("#questions").append(data.question); // data is what I send from Pusher.
And finally, a partial display:
.answer = form_for [@event, question, question.answers.new] do |f| %h2 = question.title %ul - (1..5).each do |n| - if question.send("answer_#{n}").present? %li = f.radio_button :option, n, id: "q_#{question.id}_answer_option_#{n}" = f.label question.send("answer_#{n}"), for: "q_#{question.id}_answer_option_#{n}" %p = f.submit "Answer"
This works fine, but not added to the page, but displayed in the layout. Please note that this is not a remote form.
source share