Skip to content


Needs updating for Rails 3.0.4 #4

tarrall opened this Issue · 1 comment

2 participants


The new Rails 3.0.4 CSRF protection means rails.js needs to be updated. Appears that the same code added to rails.js in railties-3.0.4 works here as well:

  onCreate: function(request) {
    var csrf_meta_tag = $$('meta[name=csrf-token]')[0];

    if (csrf_meta_tag) {
      var header = 'X-CSRF-Token',
          token = csrf_meta_tag.readAttribute('content');

      if (!request.options.requestHeaders) {
        request.options.requestHeaders = {};
      request.options.requestHeaders[header] = token;
Ruby on Rails member

include the X-CSRF-Token header with every Ajax request

closed by 5e5e57b

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.