Well until 2.2.2 text/plain requests weren't checked at all (this was
a bug) so it's entirely possible that your code has been broken from
day 1. If you look at the logs does it look like the token was sent
properly?
Fred
Sent from my iPhone
On 3 Dec 2008, at 00:09, "Simon Macneall" <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> We have the following code which sends a request on unload of one of
> our
> pages. It was working fine until I upgraded to rails 2.2.2, but now is
> giving 'ActionController::InvalidAuthenticityToken
> (ActionController::InvalidAuthenticityToken):'
>
> Does anyone know what has changed, and what I have to do to get it
> working
> again?
>
> var req = new XMLHttpRequest();
> req.open("POST", "<%= url_for(:action => 'unlock', :id =>
> @current_page.form_data.id) %>", false);
> req.setRequestHeader("Content-Type", "text/plain");
> req.setRequestHeader("X-Requested-With", "XMLHttpRequest");
> req.send("?authenticity_token="+encodeURIComponent(window._token));
>
>
> Thanks
> Simon
>
> >
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
