I am sending some very simple ajax post and patch requests via javascript in my application. The functionality is fine, works as intended. However, I do not see the authenticity token in the ajax request params and it still works.
    $.ajax({
      type: 'PATCH',
      url: '/dashboard/goals/#{@goal.id}.js',
      data: $.param({
        new_invitation: {
          recipient_id: recId,
          type: "GoalInvite",
          user_id: #{current_user.id}
        }
      })
    });
and the params appear as follows in the log -
Parameters: {"new_invitation"=>{"recipient_id"=>"24", "type"=>"GoalInvite", "user_id"=>"23"}, "id"=>"234"}
No authenticity token. I think I know how I could add it in, but I am surprised that it even works without it. Can anyone shed some light on this?
If you inspect the request object you'll (hopefully) see that there's a request header named HTTP_X_CSRF_TOKEN that contains the authenticity token. The jquery_ujs library takes care of this for you so you don't have to include the token in AJAX requests manually.
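The mechanism the answer describes, as an added example that is not part of the original post and is not jquery_ujs or Rails source: a simplified model of the client attaching the token as a header and the server accepting it from either the header or the form parameter. The function names, the origin and the token value are constructed for illustration.

```javascript
// Added illustration, simplified; all function names here are hypothetical.
// Constructed stand-in for the <meta name="csrf-token"> tag that csrf_meta_tags renders.
const pageMeta = { 'csrf-token': 'constructed-token-abc123' };
const pageOrigin = 'https://app.example';

// Client side: attach the token as a header, but only for same-origin requests,
// so it is never disclosed to another site.
function withCsrfHeader(request, meta, origin) {
  const headers = { ...request.headers };
  const sameOrigin = new URL(request.url, origin).origin === origin;
  if (meta['csrf-token'] && sameOrigin) headers['X-CSRF-Token'] = meta['csrf-token'];
  return { ...request, headers };
}

// Rack exposes request headers as HTTP_* keys, hence HTTP_X_CSRF_TOKEN in the answer.
function rackEnvName(header) {
  return 'HTTP_' + header.toUpperCase().replace(/-/g, '_');
}

// Comparison that does not stop at the first differing character.
function sameToken(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side, simplified: GET/HEAD are exempt; anything else must carry the
// session's token in either the authenticity_token param or the header.
function verifiedRequest(request, sessionToken) {
  if (request.type === 'GET' || request.type === 'HEAD') return true;
  const env = {};
  for (const [k, v] of Object.entries(request.headers || {})) env[rackEnvName(k)] = v;
  const fromParam = (request.params || {}).authenticity_token;
  return sameToken(fromParam, sessionToken) || sameToken(env.HTTP_X_CSRF_TOKEN, sessionToken);
}

// The PATCH from the question: no authenticity_token among the params.
const patch = {
  type: 'PATCH', url: '/dashboard/goals/234.js', headers: {},
  params: { new_invitation: { recipient_id: '24', type: 'GoalInvite', user_id: '23' } },
};
const sent = withCsrfHeader(patch, pageMeta, pageOrigin);
const crossSite = withCsrfHeader({ ...patch, url: 'https://other.example/x' }, pageMeta, pageOrigin);
```

The same request with the header stripped fails the check, which is why the parameter log alone does not show whether CSRF protection is active.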