Rails 4 Ajax request without authentication token

Question

Rails 4 Ajax request without authentication token

I am sending some simple ajax messages and patches via javascript in my application. The functionality is excellent, it works as intended. However, I do not see the authentication token in the ajax request parameters, and it still works.

javascript (jQuery)

$.ajax({
  type:'PATCH', 
  url: '/dashboard/goals/#{@goal.id}.js', 
  data: $.param({ 
    new_invitation: { 
      recipient_id: recId, 
      type: "GoalInvite", 
      user_id : #{current_user.id}
    }
  })
});

and the parameters appear in log-

in the following way:

Parameters: {"new_invitation"=>{"recipient_id"=>"24", "type"=>"GoalInvite", "user_id"=>"23"}, "id"=>"234"}

no authentication token. I think I know how I can add it, but I'm surprised that it even works without it. Can anyone shed some light on this?

+4

jquery ajax ruby-on-rails authenticity-token

Matt ramirez Jun 18 '14 at 13:26

source share

1 answer

Sharagoz · Accepted Answer · 2014-06-18T14:04:37+0000

, () , HTTP_X_CSRF_TOKEN, . jquery_ujs , AJAX.

Rails 4 Ajax request without authentication token

javascript (jQuery)

More articles: