ruby-on-rails – Rails 4删除按钮将我注销并导致“无法验证CSRF

< a data-confirm =“你确定吗？” class =“btn-alert”rel =“nofollow”data-method =“delete”href =“/ admin / lots / 6”>删除< / a>

我的开发日志告诉我这是因为它“无法验证CSRF令牌的真实性”.我似乎能够让它工作的唯一方法是从删除按钮更改为发布到删除操作的表单,但这有点愚蠢.我在其他Rails 4应用程序中完成了这个,所以我很确定我做得对.

index.html.erb

<% if can? :destroy,lot %>
   <%= link_to "Delete",admin_lot_path(lot.id),method: :delete,data: {confirm: "Are you sure?"},class: 'btn-alert' %>
<% end %>

lots_controller.rb

class Admin::LotsController < ApplicationController
  before_filter :authenticate_user!
  load_and_authorize_resource

  def destroy
    @lot.destroy
    redirect_to admin_lots_path,notice: "Lot was successfully removed."
  end
end`

就像我说的那样,用表格替换按钮似乎有效,但这并不理想.

<%= form_for([:admin,lot],method: :delete) do |f| %>
   <%= f.submit value: "Delete",class: 'btn-standard',data: {confirm: "Are you sure?"} %>
<% end %>

如果我注释掉before_filter：authenticate_user！和它工作的控制器的load_and_authorize_resource.我假设csrf令牌不会像这样在表单中一起发送.

有没有人对我能尝试什么有任何想法？如果它有用,愿意发布更多代码.这发生在我的应用程序btw中的所有删除.

更新：这是来自development.log的片段

Started DELETE "/admin/lots/6" for 127.0.0.1 at 2015-05-26 15:03:22 -0500
Processing by Admin::LotsController#destroy as HTML
  Parameters: {"id"=>"6"}
Can't verify CSRF token authenticity