Thursday, March 29, 2012

Rails 3.2.3.rc2 has been released!

Rails 3.2.3 introduced a new option that allows you to control the behavior of remote forms when it comes to authenticity_token generation. If you want to fragment cache your forms, authenticity token will also get cached, which isn't acceptable. However, if you only use such forms with ajax, you can disable token generation, because it will be fetched from meta tag. Starting with 3.2.3, you have an option to stop generating authenticity_token in remote forms (ie. :remote => true is passed as an option), by setting config.action_view.embed_authenticity_token_in_remote_forms = false. Please note that this will break sending those forms with javascript disabled. If you choose to not generate the token in remote forms by default, you can still explicitly pass :authenticity_token => true when generating the form to bypass this setting.

The option defaults to true, which means that existing apps are NOT affected.

This RC includes this authenticity_token change and 2 bug fixes described below. If there are no more release blockers, I will be releasing the final version on March 30th (tomorrow). If you find something please open an issue on github and let me know through email (santiago at, tweet (spastorino) or cc me on the github issue.



Post a Comment