One major improvement in Rails 3 is that it uses unobtrusive JavaScript to implement this kind of behaviour. For example:
<%= link_to "Destroy", @product, :confirm => "Are you sure?", :method => :delete %>
This is rendered as:
<a href="/products/8" data-confirm="Are you sure?" data-method="delete" rel="nofollow">Destroy</a>
There is no longer any extra inline JS code, but the data- attributes are HTML5, so getting this code to run still takes a little work. On Windows, clicking Destroy jumps to the show action.
Reference:
The reason that the link isn't working is that we don't have the relevant JavaScript files referenced in the head section of the page so the link will behave as a standard link and perform GET request as there's nothing telling it to do otherwise.
That is to say, the browser treats it as a GET request. On Linux (Ubuntu), although the delete operation is executed, there is no authenticity_token element, so the request is considered a CSRF attack and an InvalidAuthenticityToken exception is thrown. This reminded me of adding skip_before_filter :verify_authenticity_token, but this is obviously not a good method. I also tried changing the request.forgery_whitelisted? method; although it can also solve the problem, it is even worse. I then happened to see an approach on the Internet, and this one should be the standard solution.
The solution is simple. Add the following to the head section of the template file in the layouts directory:
<%= javascript_include_tag :defaults %>
<%= csrf_meta_tags %>
Generally the first line is already present, but the second line is missing. Look at the source code of csrf_meta_tag:
def csrf_meta_tag
  if protect_against_forgery?
    %(<meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/>).html_safe
  end
end
The corresponding HTML code is similar to the following:
<meta name="csrf-param" content="authenticity_token"/>
<meta name="csrf-token" content="Wo8dau2vscu/ad3jklh2jrdsm7n8qednfx3gggawxoe="/>
This code mainly solves the CSRF problem. In Rails 2, a large piece of inline JS code created a form to submit the delete operation. The form was submitted with POST and contained this hidden field; the reason may be that the delete operation cannot be identified without it.
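The form that a JavaScript driver has to submit for a data-method link, with and without the two meta tags, as an added sketch (not Rails' own code and not from the original post). The function names buildMethodForm and renderForm are hypothetical, and the token value is constructed sample data.

```javascript
// Added illustration, not Rails source. Pure functions, so it runs under
// Node without a DOM; a real driver would read these values from the page.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => (
    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

// link: { href, method } taken from href and data-method on the <a>.
// meta: { 'csrf-param': ..., 'csrf-token': ... } taken from the <head>.
function buildMethodForm(link, meta) {
  // Browsers only submit GET/POST, so the real verb travels in _method.
  const fields = [{ name: '_method', value: link.method }];
  const param = meta['csrf-param'];
  const token = meta['csrf-token'];
  // Without both meta tags no token can be sent: this is the
  // InvalidAuthenticityToken case described in the text above.
  const hasToken = Boolean(param && token);
  if (hasToken) fields.push({ name: param, value: token });
  return { action: link.href, method: 'post', fields, hasToken };
}

function renderForm(form) {
  const inputs = form.fields.map(f =>
    `<input type="hidden" name="${escapeHtml(f.name)}" value="${escapeHtml(f.value)}"/>`);
  return `<form action="${escapeHtml(form.action)}" method="${form.method}">` +
    inputs.join('') + '</form>';
}

// Constructed sample input mirroring the link and meta tags shown on this page.
const link = { href: '/products/8', method: 'delete' };
const withTags = buildMethodForm(link, {
  'csrf-param': 'authenticity_token',
  'csrf-token': 'CONSTRUCTED+sample/token=',
});
const withoutTags = buildMethodForm(link, {}); // layout lacks csrf_meta_tags

console.log(renderForm(withTags));
console.log(renderForm(withoutTags));
```

If the driver script is not loaded at all, none of this runs and the browser simply follows the href with GET, which is the jump to the show action seen earlier.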