In Ruby on Rails, authenticity tokens are generated to prevent CSRF (Cross Site Request Forgery) attacks. These tokens generate a unique “identifier” to prevent other website from making requests on your behalf, or so-called “session riding”.
In Ruby on Rails, to have this identifier available for you, you need to put in your view, usually in app/views/layouts/application.html.erb. This tag creates something like:
<meta name=”csrf-param” content=”authenticity_token”/>
<meta name=”csrf-token” content=”uDDuQj14CCJ…”>
If you create your own AJAX functions, say with JQuery, you would need these values in order to have rails handle your request. This can be done using the following:
var param = $(‘meta[name=csrf-token]‘).attr(‘content’);
Which you can use then in your AJAX requests
$.post(‘/post’, { body: $(‘#post_body’).val(), authenticity_token: param }, function(data){
var ret = jQuery.parseJSON(data);
if(ret.status==”ok”) {
…
