Does anyone know how the authenticity token is managed in Ruby on Rails 3? With all the unobtrusive JavaScript Ruby on Rails 3 articles showing how the HTML5 data attributes are used I don't see the authenticity token anywhere.
You need to put this in the head section of your layout file(s):
<%= csrf_meta_tag %>
—which outputs:
<meta name="csrf-token" content="<%= form_authenticity_token %>" />
<meta name="csrf-param" content="authenticity_token" />
If you have been using token_tag to add validation to custom forms without the form helper, you must now use:
token_tag form_authenticity_token
config/initializers/secret_token.rb
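As an added illustration (not part of the original answers and not Rails' own code), this sketch shows how client-side script can consume the two meta tags above: the token goes into an X-CSRF-Token header on same-origin, non-GET Ajax requests, and into a hidden field named by csrf-param when a form is built for a data-method link. The function names, the stand-in document and the sample token are constructed for the example.

```javascript
// `doc` is anything with querySelector, e.g. the browser's `document`.
function readCsrfMeta(doc) {
  const get = (name) => {
    const el = doc.querySelector('meta[name="' + name + '"]');
    return el ? el.getAttribute('content') : null;
  };
  return { param: get('csrf-param'), token: get('csrf-token') };
}

// Assumption of this sketch: GET and HEAD are not CSRF-checked.
const SAFE_METHODS = ['GET', 'HEAD'];

// Headers for an Ajax request. The token is attached only to state-changing,
// same-origin requests, so it is never sent to another site.
function csrfHeaders(doc, method, url, pageOrigin) {
  const { token } = readCsrfMeta(doc);
  const safe = SAFE_METHODS.includes(method.toUpperCase());
  const sameOrigin =
    new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  return !token || safe || !sameOrigin ? {} : { 'X-CSRF-Token': token };
}

// Hidden fields for the form a script builds when a link carries
// data-method="delete" (or put/post): method override plus the token.
function csrfFormFields(doc, method) {
  const { param, token } = readCsrfMeta(doc);
  const fields = { _method: method };
  if (param && token) fields[param] = token;
  return fields;
}

// Constructed stand-in for `document`, so the example runs outside a browser.
function fakeDocument(metas) {
  return {
    querySelector(selector) {
      const m = /^meta\[name="([^"]+)"\]$/.exec(selector);
      const name = m ? m[1] : '';
      return name in metas ? { getAttribute: () => metas[name] } : null;
    },
  };
}

const sampleDoc = fakeDocument({
  'csrf-param': 'authenticity_token',
  'csrf-token': 'CONSTRUCTED-SAMPLE-TOKEN', // constructed value
});
console.log(csrfHeaders(sampleDoc, 'POST', '/posts', 'https://app.example'));
console.log(csrfFormFields(sampleDoc, 'delete'));
```

In a browser, pass `document` and `location.origin` instead of the stand-ins.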