ActionController::InvalidAuthenticityToken error when using firefox

I recently came across the “ActionController::InvalidAuthenticityToken” error while working on an ROR application. It kind of threw me off track. I was thinking this error was somehow related to cross-site request forgery and had something to do with the protect_from_forgery option in the application.rb controller. This error would only show up in Firefox and not in IE.

The problem is that Firefox, following the standards, does not allow a form element to be inserted directly inside the “table” or “tr” elements (you can embed a form within a “td” and it will work). A form placed directly inside “table” or “tr” is broken, and you can get unpredictable results. The following is a mortgage calculator form. Firefox gave the “ActionController::InvalidAuthenticityToken” error when the remote_form_for helper was used inside the table, as shown below.

<table class="calc_form">
<% remote_form_for(@calc, :update=>"Calculation", :loading => "$('Calculation').hide();$('loading').show();", :complete => "$('Calculation').show();$('loading').hide();") do  |f| %>
  <tr>
    <th align="center" colspan="2">
      Mortgage Calculator
    </th>
  </tr>
  <tr>
    <td align="left"><%= f.label "Loan Amount: "%></td>
    <td><%= f.text_field :balance, :size=>"7" %></td>
  </tr>
    <%= f.hidden_field :object_id %>
  <tr>
    <td align="left"><%= f.label "Interest rate: " %></td>
    <td><%= f.text_field :interest_rate, :size=>"2" %></td>
  </tr>
  <tr>
    <td align="left"><%= f.label "Term length: " %></td>
    <td><%= f.text_field :term_length, :size=>"1" %> yrs</td>
  </tr>
  <tr>
    <td align="left"><%= f.label :payment_type %></td>
    <td><%= select :calc, :payment_type, ["Biweekly","Monthly"]%></td>
  </tr>
  <tr>
    <td align="left"><%= f.label "First Payment Date"%></td>
    <td><%= select :calc, :starting_month,months %>  <%= select :calc, :starting_year,yrs %></td>
  </tr>
  <tr>
    <td align="left"><%= f.label "Show Amortization Table" %></td>
   <td><%= f.check_box :do_table%></td>
  </tr>
  <tr >
    <td  align="center" colspan="2"><%= f.submit "Calculate" %></td>
 
  </tr>
<% end %>
</table>

The right way to do it is to put the remote_form_for tag outside of the table, as shown below. I had to spend a lot of time figuring this out. IE is very forgiving regarding your mistakes, but Firefox catches your mistakes.

<% remote_form_for(@calc, :update=>"Calculation", :loading => "$('Calculation').hide();$('loading').show();", :complete => "$('Calculation').show();$('loading').hide();") do |f| %>
<%# Hidden field kept outside the table: an input is not valid markup directly between rows. %>
<%= f.hidden_field :object_id %>
<table class="calc_form">
  <tr>
    <th align="center" colspan="2">
      Mortgage Calculator
    </th>
  </tr>
  <tr>
    <td align="left"><%= f.label "Loan Amount: "%></td>
    <td><%= f.text_field :balance, :size=>"7" %></td>
  </tr>
  <tr>
    <td align="left"><%= f.label "Interest rate: " %></td>
    <td><%= f.text_field :interest_rate, :size=>"2" %></td>
  </tr>
  <tr>
    <td align="left"><%= f.label "Term length: " %></td>
    <td><%= f.text_field :term_length, :size=>"1" %> yrs</td>
  </tr>
  <tr>
    <td align="left"><%= f.label :payment_type %></td>
    <td><%= select :calc, :payment_type, ["Biweekly","Monthly"]%></td>
  </tr>
  <tr>
    <td align="left"><%= f.label "First Payment Date"%></td>
    <td><%= select :calc, :starting_month,months %>  <%= select :calc, :starting_year,yrs %></td>
  </tr>
  <tr>
    <td align="left"><%= f.label "Show Amortization Table" %></td>
   <td><%= f.check_box :do_table%></td>
  </tr>
  <tr >
    <td  align="center" colspan="2"><%= f.submit "Calculate" %></td>
 
  </tr>
</table>
<% end %>
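
One way to catch this layout mistake before a browser does, as an added example (not code from the original post): a small Ruby check, run over rendered view output, that reports any form opened directly inside a table or row element. The method name `misplaced_forms` and the sample markup, including the action path and token value, are constructed for illustration.

```ruby
# Added example: scans rendered HTML for a <form> opened directly inside
# table-structure elements. Regex tokenising is enough for a lint, not a full parser.
TABLE_CONTEXT = %w[table thead tbody tfoot tr].freeze
CELL_CONTEXT  = %w[td th caption].freeze
TRACKED       = (TABLE_CONTEXT + CELL_CONTEXT + %w[form]).freeze
TAG           = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/

# Returns one hash per misplaced <form>: its line number and enclosing element.
def misplaced_forms(html)
  stack = []
  findings = []
  html.scan(TAG) do |slash, tag|
    name = tag.downcase
    next unless TRACKED.include?(name)
    if slash == "/"
      idx = stack.rindex(name)
      stack.slice!(idx..-1) if idx # close the element and anything left open inside it
    else
      if name == "form" && TABLE_CONTEXT.include?(stack.last)
        findings << { line: $~.pre_match.count("\n") + 1, parent: stack.last }
      end
      stack.push(name)
    end
  end
  findings
end

# Constructed sample output; the action path and token value are placeholders.
BROKEN_LAYOUT = <<~HTML
  <table class="calc_form">
  <form action="/calcs" method="post"><div><input name="authenticity_token" type="hidden" value="PLACEHOLDER" /></div>
    <tr><td><input name="calc[balance]" type="text" /></td></tr>
  </form>
  </table>
HTML

FIXED_LAYOUT = <<~HTML
  <form action="/calcs" method="post"><div><input name="authenticity_token" type="hidden" value="PLACEHOLDER" /></div>
  <table class="calc_form">
    <tr><td><input name="calc[balance]" type="text" /></td></tr>
  </table>
  </form>
HTML

if __FILE__ == $PROGRAM_NAME
  p misplaced_forms(BROKEN_LAYOUT) # the form on line 2, opened inside <table>
  p misplaced_forms(FIXED_LAYOUT)  # no findings
end
```

A form inside a “td” is not reported, which matches the placement the post says works.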


13 Responses to “ActionController::InvalidAuthenticityToken error when using firefox”

  1. Mariusz Nowak Says:

    It’s good to monitor if our HTML is valid.
    There are no written standards for dealing with invalid HTML, so browsers can behave unexpectedly in such cases.
    All the best :)

  2. John Says:

    Thanks, that saved me some time. I was testing on FF only and was fixating on the ‘protect_from_forgery’.
    Cheers

  3. Jeana Jungen Says:

    Hey, excellent blog post dude! I am tired of using RSS feeds, and do you use Twitter? So I can follow you there :D.
    PS: Have you thought of putting video on this blog to keep people more interested? I think it works. Sincerely, Jeana Jungen

  4. Louvenia Balden Says:

    Hmmm…very good to find out, there were certainly two or three things in which I had not thought of before.

  5. Mortgage life insurance quote Says:

    I am all for hitting the proverbial reset button, declaring possession to imply full ownership. All mortgages need to be forgiven. Starting…. now!

  6. Lacy Vanacker Says:

    Father, may they be in us, as you are in me, and I am in you, so that the world may believe it was you who sent me. John 17:21
    O God of peace, who through your son Jesus Christ did proclaim one faith for the salvation of mankind, send your grace and blessing on all Christians who are striving to draw near to you and to each other. Give us boldness to seek only your glory and the advancement of your Kingdom. Unite us all in you, Father, who with your son and the Holy Spirit, are one God for ever and ever. Purify our hearts to see and love the truth, give wisdom to our leader and steadfastness to our people, keep our nations in your tender care during these difficult times, through Jesus Christ our Lord. Love & peace to the whole world.

  7. Wilbur Spieler Says:

    I do not even know the way I stopped up right here, however I thought this put up was great. I do not realize who you are, however definitely you’re going to be a well-known blogger if you happen to aren’t already ;) Cheers!

  8. Zachary Jelden Says:

    I must thank you for the efforts you’ve put in penning this website. I am hoping to view the same high-grade blog posts from you in the future as well. In truth, your creative writing abilities have encouraged me to get my own blog now ;)

  9. Las Vegas Washer Service Says:

    Hi there, I enjoy reading all of your article posts. I wanted to write a little
    comment to support you.

    My blog post :: Las Vegas Washer Service

  10. what is karatbars international Says:

    This paragraph is really a good one it helps new
    internet users, who are wishing for blogging.

    My site what is karatbars international

  11. Nicole Says:

    Each one has a website with a search engine that can guide you to useful articles
    on many aspects of adolescent psychology.

  12. Rory Says:

    It is essential to know that each case of dyslexia is
    different, because dyslexia is a self-created condition.

  13. Chere Beuth Says:

    Currently it looks like Expression Engine is the best blogging platform available right now. (from what I’ve read) Is that what you’re using on your blog?
