Actually, you are reading the action attribute of form and sending a post ajax request to it. to send form data you have to submit the form or you can serialize the form data and send it in ajax request like $(“.ajax-referral”).click(function(){ $.ajax({ type: “POST”, url: $(this).parent(“form”).attr(“action”) + “?&authenticity_token=” + AUTH_TOKEN, data:$(this).parent(“form”).serialize(), dataType: “script” }); … Read more
I think I just figured it out. I changed the (new) default protect_from_forgery with: :exception to protect_from_forgery with: :null_session as per the comment in ApplicationController. # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. You can see the difference by looking at the source for request_forgery_protecton.rb, … Read more
What happens When the user views a form to create, update, or destroy a resource, the Rails app creates a random authenticity_token, stores this token in the session, and places it in a hidden field in the form. When the user submits the form, Rails looks for the authenticity_token, compares it to the one stored … Read more