Rails facebook Iframe app error: InvalidAuthenticityToken

Question

I get this error when I acccess my facebook iframe app:

The change you wanted was rejected.

Maybe you tried to change something you didn't have access to.

Heroku logs:

2011-06-05T08:30:41+00:00 app[web.1]: Started POST "/facebook/" for xxxx
03 at 2011-06-05 10:30:41 +0200
2011-06-05T08:30:41+00:00 heroku[router]: POST www.vinderhimlen.dk/facebook/ dyn
o=web.1 queue=0 wait=0ms service=39ms bytes=711
2011-06-05T08:30:41+00:00 app[web.1]:
2011-06-05T08:30:41+00:00 app[web.1]: ActionController::InvalidAuthenticityToken
 (ActionController::InvalidAuthenticityToken):
2011-06-05T08:30:41+00:00 app[web.1]:
2011-06-05T08:30:41+00:00 app[web.1]:
2011-06-05T08:30:41+00:00 app[web.1]:
2011-06-05T08:30:45+00:00 heroku[web.1]: Stopping process with SIGTERM
2011-06-05T08:30:45+00:00 app[web.1]: >> Stopping ...
2011-06-05T08:30:45+00:00 heroku[web.1]: Process exited

Iceberg@ICEBERG-PC /c/rails/konkurranceportalen (master)
$

Answer 1

By default, Rails requires a token to be included as a hidden field with every POST.

This protects your app from Cross-Site Request Forgery.

See the Rails Request Forgery Protection documentation.

skip_before_filter :verify_authenticity_token may be useful for further debugging.