For some reason, the CSRF protections in Rails require that if you use
:active_record_store for sessions, the key given in your config setting
must be equivalent to the key given in the call to protect_from_forgery
in the controller. One way around this might be to add an
after_initialize block like so:
config.after_initialize do
ActionController::Base.request_forgery_protection_options.update
:secret => 'putyourreallylongsha1hashkeyhere'
end
Sean
Steven Line wrote:
Geez, I don't know what just happened here, but I stuck this line of
code in some obscure file I didn't even know existed and it fixed my
problem.
I stuck this line of code:
protect_from_forgery :secret =>
'asdfqwexxcoivswhallelujah!yippee!fqewwel', :except => :index
into my
radiant-0.6.9/app/controllers/admin/page_controller.rb
and the error went away.
_______________________________________________
Radiant mailing list
Post: [email protected]
Search: http://radiantcms.org/mailing-list/search/
Site: http://lists.radiantcms.org/mailman/listinfo/radiant
