学习链接:http://cnkerry.iteye.com/blog/350718
解决方法一:
class FooController < ApplicationController
protect_from_forgery :except => :index # you can disable csrf protection on controller-by-controller basis:
skip_before_filter :verify_authenticity_token
end
解决方法二:
修改config/environment/development.rb(或者production.rb)
# Disable request forgery protection in development environment
config.action_controller.allow_forgery_protection = false
解决方法三:
在jquery或者form中加入
<%= tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token) %>