I'm having an issue when submitting a delete request and receiving a 400 error code. I am guessing it is the csrf token not matching the expected path or something like that. I removed the check_csrf! to verify, and am able to hit the delete route with check_csrf! removed. I am trying to delete at the path: "/todos/<%=
todo.id%>"
So I am submitting the delete request with the following header
"X-CSRF-Token": "<%== csrf_token "/todos/#{
todo.id}", "DELETE" %>
I'm guessing this is incorrect. Any pointers?
This is how I have the route setup.
hash_routes.on 'todos' do |r|
set_view_subdir 'todos'
r.on Integer do |id|
@todo = Todo[id]
r.get do
# This is accessible
return @todo.task
end
r.delete do
# not accessible at all
@todo.delete
r.redirect("todos")
end
end
end