Rails简单形式给出了InvalidAuthenticityToken错误

我有一个这样的简单形式:

和这种方法的控制器:

  def busca
    puts params[:searchText]
  end

当我单击表单中的图像按钮时,我得到一个ActionController :: InvalidAuthenticityToken.这是完整的StackTrace:

/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/request_forgery_protection.rb:86:in verify_authenticity_token' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:in send'/Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support /callbacks.rb:178:in evaluate_method' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:166:in 调用'/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:225:in call' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:629:in run_before_filters'/ Library /Ruby/Gems/1.8 / gems /actionpack-2.2.2/lib/action_controller/filters.rb:615:in call_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:610:in perform_action_without_benchmark'/ Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller / benchmarking.rb:68:in perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/benchmarking.rb:68:in perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/rescue.rb:136:in perform_action_without_caching' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/caching/sql_cache.rb:13:inperform_action'/ Library/Ruby/Gems/1.8/gems/activerecord-2.2.2/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in cache' /Library/Ruby/Gems/1.8/gems/activerecord-2.2.2/lib/active_record/query_cache.rb:8:in cache'/ Library/Ruby/Gems/1.8/gems/actionpack -2.2 .2/lib/action_controller/caching/sql_cache.rb:12:in perform_action' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:524:in send process_without_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:606:in '/Library /Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:524:in process_without_session_management_support'/ Library /Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/session_management.rb:134:in process' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:392:in process'/ Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/webrick_server.rb :74:in service' /Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/commands/servers/webrick.rb:66 /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:in require'/ new_constants_in' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:in Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb :521:in require'/ Library/Ruby/Gems/1.8/gems/rails-2.2 0.2/LIB /命令/ server.rb:49

怎么了？

沿着Nat的路线,加入

<%= token_tag %> 

就在HTML"form"标签工作之后

默认情况下,所有非GET操作都要求将真实性令牌与请求一起传递.Rails使用真实性令牌来避免CSRF攻击.

确保它始终存在的最简单方法是使用form_tag帮助程序而不是手动编写HTML.

<% form_tag "/home/search", :name => "searchForm" do %>
  fields here
<% end %>

如果您不使用帮助程序生成表单标记,则可以使用真实性标记手动生成隐藏字段: