I am using Rails 3.0.2, which by default has protect_from_forgeryin application_controller.rb.
I wanted to call InvalidAuthenticityToken.
For this, I added this javascript to my page:
$('input[name=authenticity_token]').val('aaa')
Checking the DOM with Firebug I can see that the hidden field authenticity_tokenis updated correctly.
If I submit the form and check the log from the server, I see that the relative parameter is correctly set to 'aaa'. I would expect to receive InvalidAuthenticityTokenwhile the request is being processed, as it was right!
How is this possible?
Diego source
share