Home/ Questions/Q 1030733
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T12:44:49+00:00

I was curious what that meant in general. But here is the specifics.. I’m

  • 0

I was curious what that meant in general.

But here is the specifics..

I’m doing a sortable jquery project, that touches this rails action :

def update_order
  params[:media].each_with_index do |id, index|
    media = @organization.media.find(id)
    media.do_not_touch = true
    media.update_attribute('position', index+1)
  end if params[:media]
  render :nothing => true
end

I’m just looking for a general reason why this error comes up.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Rails automatically checks for forged data when data is submitted. From the doc:

    Protecting controller actions from
    CSRF attacks by ensuring that all
    forms are coming from the current web
    application, not a forged link from
    another site, is done by embedding a
    token based on a random string stored
    in the session (which an attacker
    wouldn‘t know) in all forms and Ajax
    requests generated by Rails and then
    verifying the authenticity of that
    token in the controller

    You can disable this for the given Ajax call, or you could also send along a parameter named “authenticity_token” with the value of <%= form_authenticity_token %>

    To disable it (which I would NOT recommend), you can do one of the following:

    class FooController < ApplicationController
  protect_from_forgery :except => :update_order

  # you can disable csrf protection on controller-by-controller basis:
  skip_before_filter :verify_authenticity_token
end
    • 0