Ruby form using ajax with remote: true gives ActionController::InvalidAuthenticityToken error. Classic submission does not

Question

I am writing a chat page for a RoR site. I have it all worked out in HTML and I am trying to implement it with ajax. There is a form for submission of messages. the form tag reads <%= form_for(@chat, remote: true, :authenticity_token => true) do |f| %>

My entire view:

  <!DOCTYPE html>
<html>
    <head>
        <title>Battleriskopoloy - Communications</title>
    </head>
    <body>
        <br>
        <div id="heading_1" align="center">
            <br><span id="title"><strong>[ . . . Communications . . . ]</strong></span>
        </div><br>
        <div id="sidebar"><br>
            <% $chat_users.each do |user| %>
            <% user = User.find_by_username(user) %>
            <%= button_to user.username, flop_chat_path(user), :class => "select", :method => :get  %>
            <% end %>
        </div>
        <div id="display">
            <% $messeges.each do |i| %>
                <% if i[1] == "from" %>
                <p style="color:#000000; text-align:right; margin-right:5%;font-family:courier"><%= i[0] %></p>
                <br>
                <% else %>
                <p style="color:#FF0000; text-align:left; margin-left:5%; font-family:courier"><%= i[0] %></p>
                <br>
                <%end%>
            <%end%>
        </div>
        <div id="textfield">
            <%= form_for(@chat, remote: true, :authenticity_token => true) do |f| %>
            <%= f.text_field :content, id: "compose" %>
            <br>
            <br>
            <%= f.submit "Send Messege", id: "submit" %>
        <% end %>
        </div>
    </body>
</html>

The controller :

class ChatsController < ApplicationController
     $messeges = Array.new(10, " ")
def new
    $messeges = Array.new
    if $ruser != nil
    $messeges = Array.new
    Chat.all.each_with_index do |i, index|
        if i.recipient == current_user.id && i.sender == $ruser.id
            $messeges.push([i.content, "to"])
        end
        if i.recipient == $ruser.id && i.sender == current_user.id
            $messeges.push([i.content, "from"])
        end
    end
    end
    $chat_users = Array.new
    User.all.each do |user|
        if user != nil && current_user != nil
        if user.game_id == current_user.game_id && user.id != current_user.id
            $chat_users.push(user.username)
        end
        end
    end
    @chat = Chat.new
end

def create
    if $ruser != nil
    @chat = Chat.new(chat_params)
    @chat.recipient = $ruser.id
    @chat.sender = current_user.id
    @chat.save
    end
    redirect_to "/comms/new"
end

def flop
    $ruser = User.find(params[:id])
    $messeges = Array.new
    Chat.all.each_with_index do |i, index|
        if i.recipient == current_user.id && i.sender == $ruser.id
            $messeges.push([i.content, "to"])
        end
        if i.recipient == $ruser.id && i.sender == current_user.id
            $messeges.push([i.content, "from"])
        end
    end
    redirect_to "/comms/new"
end

private
    def chat_params
        params.require(:chat).permit(:content)
    end
end

Additionally, I have <%= csrf_meta_tags %> in my application.html.erb

I had found some other things online about people getting the same error with rails 4 when switching from ajax to html submission but that seemed only to be because they didn't have the :authenticity_token => true parameter included. Any help is greatly appreciated.

Answer 1

By default authenticity_token is set to false. So you need to add this line in your application.rb

config.action_view.embed_authenticity_token_in_remote_forms = true