Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Make all of the forms actually work

From the point where we moved to Rails, the forms weren't working
outside of automated tests. This is because we didn't have the CSRF
token set inside each form, but - unless you were paying close attention
- it looked like it had succeeded because the CSRF error triggered
an OAuth loop which ended in the user being shown the homepage, rather
than any kind of error.

By using the form_tag helper, we get the CSRF token (authenticity_token)
and UTF8 detection magic to boot.
  • Loading branch information...
commit 7fe02768431153e5288d52bece51ed0c0d7302a3 1 parent 52f2cd3
Jamie Cobbett jamiecobbett authored
Showing with 2 additions and 3 deletions.
  1. +2 −3 app/views/layouts/formlayout.erb
5 app/views/layouts/formlayout.erb
View
@@ -20,15 +20,14 @@
<div id="form" role="main">
<%= render @header_message %>
- <form name="input" method="post" enctype="multipart/form-data">
+ <%= form_tag "" do %>
<%= render "author" %>
<%= yield %>
<input id="submit" type="submit" value="Submit">
-
- </form>
+ <% end %>
</div>
<div class="toclear"></div>
</div>
Please sign in to comment.
Something went wrong with that request. Please try again.