How to Fix Invalid Authenticity Token Issues in Rails Forms with Multiple Submit Actions

Learn how to resolve the CSRF token error in Ruby on Rails forms with multiple submit actions, especially when using Hotwire/Turbo. --- This video is based on the question https://stackoverflow.com/q/70872760/ asked by the user 'B-M' ( https://stackoverflow.com/u/795033/ ) and on the answer https://stackoverflow.com/a/70881355/ provided by the user 'B-M' ( https://stackoverflow.com/u/795033/ ) at 'Stack Overflow' website. Thanks to these great users and Stackexchange community for their contributions. Visit these links for original content and any more details, such as alternate solutions, latest updates/developments on topic, comments, revision history etc. For example, the original title of the Question was: Rails form with multiple submit actions has invalid auth token (CSRF error) Also, Content (except music) licensed under CC BY-SA https://meta.stackexchange.com/help/licensing The original Question post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/by-sa/4.0/ ) license, and the original Answer post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/by-sa/4.0/ ) license. If anything seems off to you, please feel free to write me at vlogize [AT] gmail [DOT] com. --- Understanding the CSRF Token Error in Rails Forms When working with Ruby on Rails applications, you may run into a common problem: the Invalid Authenticity Token error. This typically arises in forms that include multiple submit actions. If you've created a form with two submit buttons and are encountering this error when using one of the buttons, don't worry! We’ll delve into the problem and offer a solution. The Problem: CSRF Token Issues In the example you're facing, you have created a Rails form that includes two submit buttons, allowing the user to either "Retry" an action or "Remove" an item from a queue. While the first button submits the form without issues, the second button triggers an error related to the authenticity token. Here are the key points surrounding the issue: The form properly generates and includes a CSRF token. The error appears when trying to submit the form using the second button with a formaction override. The generated error messages indicate that the authenticity token is deemed invalid or missing. The Solution: Adjusting Form Submission After investigating the issue, a key detail became clear. When using Hotwire/Turbo in your Rails application and including data: { turbo: false }, you're effectively bypassing some essential AJAX features, which results in the CSRF token not updating appropriately when switching between actions. Steps to Fix the Problem To resolve this issue, you can follow this solution: Remove turbo: false - By removing the data: { turbo: false } attribute from your form, you allow the Rails framework to handle AJAX requests properly, ensuring that the CSRF token updates correctly based on the form action. Use the Correct Form Helper: Consider altering the form helper you are using to better align with Rails' conventions. If necessary, you could opt for using form_for instead of form_with where appropriate. Update Your Form Code: Here’s an updated version of your form utilizing the recommended adjustments: [[See Video to Reveal this Text or Code Snippet]] Conclusion By adjusting the form attributes and ensuring that the CSRF token is always appropriately managed, you can effectively resolve the Invalid Authenticity Token error when using multiple submit buttons in your Rails forms. Always ensure that forms are constructed in a manner compatible with Rails conventions, especially when dealing with Turbo and AJAX functionality. With these changes, you should no longer experience any CSRF issues and your form should operate smoothly across both submit actions.