Rails gives a InvalidAuthenticityToken error. If I reload the page it works

Question

Here's how my application works : User uploads a photo > He gets redirected to a page with a list of photos > The user set titles and descriptions of photos and hit save. Now sometimes when a user hit save Rails give InvalidAuthenticityToken error. But if the user reload the page before he hit save, Rails won't give the error and everything will work fine.

Why is it happening like this? I use devise and omniauth.

The form :

<%= form_tag update_submits_photos_path, method: :put do %>
  <% @submits.each do |submit| %>
    <div class="cont">
      <%= fields_for "submits[]", submit do |f| %>
        <%= render 'shared/error_messages', object: f.object %>
        <div class="row">
          <div class='subDetails'>
            <%= f.label :title, 'Title :', class: "updLbl" %>
            <%= f.text_field :title, class: "updInp" %>
            <%= f.label :description, 'Description :', class: "updLbl" %>
            <%= f.text_field :description, class: "updInp" %>                
          </div>
        </div>
        <% end %>
    </div>
  <% end %>
  <%= submit_tag "Update All",class: 'btn btn-primary btn-lg uploadedUp' %>
  <br>
<% end %>

Update : I just updated to Rails 4.2 stable and now the problem have disappeared!

Answer 1

There are two paths you can follow in order to resolve the issue.

First is add following line:

skip_before_filter :verify_authenticity_token, only: :the_action

to the corresponding controller, where :the_action is most likely update.

Second option is to add the token to your form:

<%= hidden_field_tag :authenticity_token, form_authenticity_token -%>