This project is archived and is in readonly mode.

#2988 ✓resolved
qoobaa

authenticity_token option for form_tag

Reported by qoobaa | August 3rd, 2009 @ 03:07 PM | in 3.1

The patch adds :authenticity_token option to form_tag helper. It's useful when you need to deal with external application uploads (like uploading files to AWS S3). Some might say that it can be solved using allow_forgery_protection in controller, but the situation becomes more complicated when you need to have both: internal and external forms on the same view. The authenticity token might be turned off by passing false, or overridden by passing custom string.

form_tag "http://far.far.away/form", :authenticity_token => false
form_tag "http://far.far.away/form", :authenticity_token => "a_custom_authenticity_token"

It should be used in button_to helper as well (I can add it if you like the solution).

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Attachments

Referenced by

Pages