Larz wrote:
> But I get the error (below). I'm not sure if there's a proper way to
> do it with remote_function() ?
> Anyway, first I did the main dev, now I am trying to learn more on
> security ..
>
> Processing ShgridController#resize_field (for 155.x.x.x at 2009-03-26
> 16:28:11) [POST]
> Session ID: 92c3ef636f552fbeff8e574d96bedb9f
> Parameters: {"col"=>"5", "action"=>"resize_field",
> "controller"=>"shgrid", "width"=>"66"}
> User Load (0.000269) SELECT * FROM "users" WHERE (name = 'Zack2')
> LIMIT 1
> AdminSetting Load (0.000156) SELECT * FROM "admin_settings" LIMIT
> 1
>
>
> ActionController::InvalidAuthenticityToken
> (ActionController::InvalidAuthenticityToken):
> /usr/local/lib/ruby/gems/1.8/gems/actionpack-2.1.2/lib/
> action_controller/request_forgery_protection.rb:86:in
> `verify_authenticity_token'
> /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.2/lib/
> active_support/callbacks.rb:173:in `send'
> /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.2/lib/
> active_support/callbacks.rb:173:in `evaluate_method'

Sure it will fail on that because there is no authenticity token in your
params:

Example:

Processing ThingsController#create (for 127.0.0.1 at 2009-03-26
16:42:40) [POST]
Parameters: {"commit"=>"Create",
"authenticity_token"=>"wM7T6k++1upx4BO+fVy571jwqx0d4z0U92PPSGP+UUQ=",
"thing"=>{"name"=>"Widget"}}

You may just want to disable forgery protection for this one action, but
use it for all others. There might be a better solution than that, but
it should get you past this problem.
--
Posted via http://www.ruby-forum.com/.
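
Added example, not part of the original post and not Rails' own code: a simplified stand-alone model of the token check that rejects the resize_field POST, showing what the Ajax request body has to carry to pass it. The helper names are hypothetical, the session token is the sample value from the log in the reply, and the body builder stands in for whatever string the Ajax helper sends.

```ruby
require 'uri'

# Sample session token copied from the log in the reply; note the '+' and '='.
SESSION_TOKEN = 'wM7T6k++1upx4BO+fVy571jwqx0d4z0U92PPSGP+UUQ='

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Simplified model: GET is exempt, any other verb must carry the session's token.
def verified_request?(http_method, raw_body, session_token)
  return true if http_method == 'GET'
  params = raw_body.split('&').map do |pair|
    key, _, value = pair.partition('=')
    [URI.decode_www_form_component(key), URI.decode_www_form_component(value)]
  end.to_h
  secure_equal?(params['authenticity_token'], session_token)
end

# Hypothetical builder for the form-encoded body of the resize_field call.
def resize_body(col, width, token = nil, escape: true)
  body = "col=#{col}&width=#{width}"
  return body if token.nil?
  value = escape ? URI.encode_www_form_component(token) : token
  "#{body}&authenticity_token=#{value}"
end

def demo
  {
    # The request from the error log: no token parameter at all.
    no_token:    verified_request?('POST', resize_body(5, 66), SESSION_TOKEN),
    # Token appended unescaped: each '+' is decoded as a space, so it no longer matches.
    raw_token:   verified_request?('POST', resize_body(5, 66, SESSION_TOKEN, escape: false), SESSION_TOKEN),
    # Token percent-encoded before being appended: matches the session value.
    escaped:     verified_request?('POST', resize_body(5, 66, SESSION_TOKEN), SESSION_TOKEN),
    # A token that does not belong to this session (constructed value).
    wrong_token: verified_request?('POST', resize_body(5, 66, 'A' * 44), SESSION_TOKEN)
  }
end

demo.each { |name, ok| puts "#{name}: #{ok ? 'accepted' : 'InvalidAuthenticityToken'}" }
```

Only the percent-encoded variant is accepted, which is why a base64 token added to an Ajax parameter string by hand needs escaping on the client side before it is sent.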