On Jun 6, 2010, at 6:02 PM, blueHandTalking wrote:
I tried using ruby-debug for the first time, but I was stopped when trying to send the form information with cURL. What stopped me was providing the the auth token. I was cutting and pasting the value for the auth token into the curl parameters. I escaped all non-conforming characters, but still received an error 'Invalid Authenticity Token'. Why can't I just cut and paste the value from hidden field for authenticity token and put it in the cURL post? (with escaped characters)
The token submitted with the form needs to match the token in the session (which is signed by the app) - that's how the CSRF protection mechanism works.
Offhand, do you have a separate class for admins? The lifecycle doesn't propagate well to subclasses of User.
Otherwise, is there any chance your permission methods might be causing the problem?
--Matt Jones -- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
