On 9 January 2013 20:18, Jeff Miller <[email protected]> wrote: > Hello all, > I've been trying to diagnose an issue with CSRF and Firefox > specifically. I've got an ajax based form, using UJS (yes, I have > csrf_meta_tag in my layout and I've tried adding the X-CSRF-Token header > to the ajax beforeSend events without any luck)... The form just posts > some data to an ajax method that creates, saves, and sets the session > for a shopper as well as for a hit object, then returns some JSON. This > works in Chrome and Safari (haven't tested IE yet), but Firefox is a > no-go. Basically, the session gets reset by CSRF (I confirmed this by > setting config.action_controller.allow_forgery_protection to false and > it works), but the weird thing is that upon inspecting the session, I DO > have a hit_id, but no shopper_id!! This completely breaks my form and is > frustrating as hell :P > > I'm running on Rails 3.2.11 and Ruby 1.9.3p327. Any and all help would > be appreciated!
I expect you have done this (or an equivalent) already, but just in case, have you checked that the page contains valid html by pasting the complete page html into the w3c html validator? Colin > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
