Time for another lesson 😀
I’ve been banging my head for days because of this particular bug of one of the project I am working on. I installed a new layout for my project to replace the Twitter Bootstrap-provided layout, and upon testing various controller actions, I found them to redirect me to the sign-in page instead of doing the job.
Fortunately, today my co-worker found the culprit: I forgot to include the CSRF (Cross-Site Request Forgery) meta-tags inside the layout’s <head> tag. Hence I insert <%= csrf_meta_tags %> code inside the <head> tag of my layout, and voila! The controllers now stop acting funny.
<head> <meta charset="utf-8"> <title><%= content_for?(:title) ? yield(:title) : "idReads-Web" %></title> <link rel="stylesheet" type="text/css" href="/css/blaze/main.css"> <link href='http://fonts.googleapis.com/css?family=PT+Sans+Narrow:400,700' rel='stylesheet'> <%= csrf_meta_tags %> <!-- <link href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css" rel='stylesheet'> --> <!--[if lt IE 9]> <script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> </head>
If you experienced the same behaviour as I, perhaps you should check whether you have included the <%= csrf_meta_tags %> snippet or not.