The other thing seems to be that if this is set in the base controller: protect_from_forgery :secret => '10aedsfsdafdasfasdfxvcxvhg'
Then it generates the authenticity tokens, regardless of whether the check is made. That seems to break my remote_function call as mentioned in the previous post (because the :with js stuff doesn't get put into the url/ params. since protect_from_forgery I guess it's called at the class level, I'm not sure I can disable it for one action and have it turned on for others .. I can turn this off at the instance level: self.allow_forgery_protection but that doesn't fix my other problem ... --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
