Bizarrely, this behaviour was changed in rails 4. http://www.alfajango.com/blog/rails-4-whats-new/

奇怪的是，这种行为在 Rails 4 中发生了变化。http://www.alfajango.com/blog/rails-4-whats-new/

Rails forms now will not render the CSRF field in the form unless you explicitly define it as an option to your form:

Rails 表单现在不会在表单中呈现 CSRF 字段，除非您明确将其定义为表单的选项：

<%= form_for @some_model, :remote => true, :authenticity_token => true do |f| %>
<% end %>

Adding this option allows you to gracefully degrade to a HTML fallback if Javascript is switched off.

添加此选项可让您在 Javascript 关闭时优雅地降级为 HTML 回退。

Me too faced the same problem. I have used form_tag to create custom remote form, but i got the the following error,

我也面临同样的问题。我已经使用 form_tag 创建自定义远程表单，但出现以下错误，

 ActionController::InvalidAuthenticityToken

I found that this is because in rail 4 wont add authenticity toke by default, so i added the following line in application.rb file,

我发现这是因为在 rail 4 中默认情况下不会添加真实性令牌，所以我在 application.rb 文件中添加了以下行，

 config.action_view.embed_authenticity_token_in_remote_forms = true

which automatically verify the toke when submitting the remote forms. This solves the problem for me. Hope this will help some one.

在提交远程表单时自动验证令牌。这为我解决了问题。希望这会帮助某人。

In my case i just had to add this line in my page:

就我而言，我只需要在我的页面中添加这一行：

 <%= csrf_meta_tags %>

If there is no csrf field(a hidden field) inside the form, the submission can't be authenticated by Rails server.

如果表单中没有 csrf 字段（隐藏字段），则提交将无法通过 Rails 服务器进行身份验证。

If you make the form by form_tag, this situation will happen. The better approach is to use form_forfor a resource(new object or an existing object in db) and csrf field will be built by Rails automatically.

如果您通过 制作表格form_tag，就会发生这种情况。更好的方法是使用form_for资源（新对象或数据库中的现有对象）并且 csrf 字段将由 Rails 自动构建。