req.body returning "Forbidden"

In my node.js express app I'm submitting a form, to an action on a controller. All this controller does is:


(I'm using RailwayJS (but that's not all that important to this question I don't think) I'm doing this is to get the values in the form

However, it comes back as 'Forbidden'

If I restart node, and refresh the page (confirming i want to post back) then I get the desired result...

Any idea how to get the values of the form without restarting?

I think this is related to 'protect from forgery' beforeFilter. Do you pass authencity_token to your post?

Possible solution: skipBeforeFiler('protect from forgery'); -- it disables CSRF protection Better solution: use form_for helper, or pass authencity_token manually. Check apidocs to learn more about CSRF protection: