Menu
I am sending some very simple ajax post and patch requests via javascript in my application. The functionality is fine, works as intended. However, I do not see the authenticity token in the ajax request params and it still works.
$.ajax({
type:'PATCH',
url: '/dashboard/goals/#{@goal.id}.js',
data: $.param({
new_invitation: {
recipient_id: recId,
type: "GoalInvite",
user_id : #{current_user.id}
}
})
});
and the params appear as follows in the log -
Parameters: {"new_invitation"=>{"recipient_id"=>"24", "type"=>"GoalInvite", "user_id"=>"23"}, "id"=>"234"}
no authenticity token. I think I know how I could add it in, but I am surprised that it even works without it. Can anyone shed some light on this?
432
If you inspect the request object you'll (hopefully) see that there's a request header named HTTP_X_CSRF_TOKEN that contains the authenticity token. The jquery_ujs library takes care of this for you so you dont have to include the token in AJAX requests manually.
183
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
