Download CSRF token on rails using AJAX

Question

Download CSRF token on rails using AJAX

I decided to implement my Rails site with just one page load and do the rest through AJAX. The problem is that the CSRF token that is generated in meta is not valid after being used to submit a registration or signing form. How to refresh it without reloading the page?

+4

javascript ajax ruby-on-rails ruby-on-rails-3 csrf

Chris May 22 '12 at 1:51

source share

3 answers

Scott Schulthess · Answer 1 · 2012-07-04T13:16:50+0000

I don’t think that rails will invalidate the CSRF meta-token after each separate request (or message or something else) (if this is not so, frameworks like backbone.js will have a difficult time :).

https://github.com/rails/rails/blob/7fb99e5743d88c04357e09960d112376428a6faa/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L100

You are probably making a request BEFORE a question that you think is invalid without the correct token, and therefore the rails will delete your session, and subsequent requests will be marked as invalid even if they transmit the correct token earlier.

Ahmed Samir Shahin · Answer 2 · 2013-03-11T10:56:55+0000

in every ajax request:

add to data:

authenticity_token: '<% = form_authenticity_token%>'

leena · Answer 3 · 2015-11-23T12:10:42+0000

You can use beforeSend, as shown below, in your ajax call for put, post methods. $.ajax({ type: 'POST', beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))}, url: your url, data: data });

Download CSRF token on rails using AJAX

More articles: