I am running Rails 4.2, Devise 3.4.1 and CanCan 1.6.10. When I try to delete resources using the standard delete button, as shown below, I get a subscription and am redirected to the login page.

    <a data-confirm="Are you sure?" class="btn-alert" rel="nofollow" data-method="delete" href="/admin/lots/6">Delete</a>

My dev journal tells me this is because it is "Unable to verify the authenticity of the CSRF token." The only way I can get this to work is to go from the delete button to a form that is sent to the delete action, but that is such a stupid thing. I did this in other Rails 4 applications, so I'm sure I'm doing it right.

index.html.erb

    <% if can? :destroy, lot %>
      <%= link_to "Delete", admin_lot_path(lot.id), method: :delete, data: {confirm: "Are you sure?"}, class: 'btn-alert' %>
    <% end %>

lots_controller.rb
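
    class Admin::LotsController < ApplicationController
      # Devise: require a signed-in user for every action
      before_filter :authenticate_user!
      # CanCan: load @lot and authorize the current action against it
      load_and_authorize_resource

      def destroy
        @lot.destroy
        redirect_to admin_lots_path, notice: "Lot was successfully removed."
      end
    end
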
As I said, replacing a button with a form seems to work, but it’s not perfect.

    <%= form_for([:admin, lot], method: :delete) do |f| %>
      <%= f.submit value: "Delete", class: 'btn-standard', data: {confirm: "Are you sure?"} %>
    <% end %>

before_filter :authenticate_user! load_and_authorize_resource , . , csrf , .
- , ? , . btw.
development.log

    Started DELETE "/admin/lots/6" for 127.0.0.1 at 2015-05-26 15:03:22 -0500
    Processing by Admin::LotsController
    Parameters: {"id"=>"6"}
    Can't verify CSRF token authenticity