Hi -

I am haunted by this :secret / #protect_from_forgery /
form_authenticity_token error that seems to stop me every few months.
Luckily it has been in remission for a few months.  I just had a few
hours to finish this site and whammo! Up pops this much feared error.

The cause is that I installed attachment_fu and page_attachments into my
Radiant app.  The installs went smoothly until I tried to edit a page.
Then I got this error:

----------------------------------------------------------------
    ActionController::InvalidAuthenticityToken in Admin/page#edit

   Showing vendor/extensions/page_attachments/app/views/admin
/page/_attachments_box.html.erb where line #7 raised:

   No :secret given to the #protect_from_forgery call.  Set that or use
a session store capable of generating its own keys (Cookie Session
Store).
----------------------------------------------------------------

I'm using Active Record Session Store and I don't much care for Cookie
session store because it limits what I can stick in the session. I have
a :secret defined in my environment.rb and I also have

    config.action_controller.allow_forgery_protection = false

in there.  Could somebody tell me how to fix this or point me to
resources to learn about the forgery protection stuff?

(In the mean time I'm googling this topic)

Thank you.

Steve
-- 
Posted via http://www.ruby-forum.com/.
_______________________________________________
Radiant mailing list
Post:   Radiant@radiantcms.org
Search: http://radiantcms.org/mailing-list/search/
Site:   http://lists.radiantcms.org/mailman/listinfo/radiant

Reply via email to