2010/9/23 Pieter Hugo <[email protected]>

> Hi guys
>
> This is a pretty tricky one.
>
> I get an "undefined method `protect_against_forgery?' for
> #<ActionView::Base:0x569a3d4>" error when trying to generate a partial
> from 'outside' the web site. I do this as I have a rake task that checks
> for changes periodically in the background, and if it then sees a change
> it rebuilds the partial and posts the result back to the user if he is
> logged in.
>
> (The posting by rake to the web site is done with juggernaut, but that's
> not the issue, the failure happens when trying to build the partial)
>
> The building of the partial is achieved by instantiating ActionView in
> the rake task, and it all worked fine until I introduced
> 'drop_receiving_element' into the partial that gets generated. The
> latter seems to want to use protect_against_forgery? - which is not
> available from the lib task.
>
> I am feeling a bit out of my depth here.
>
> Is it just a simple question of somehow including or requiring the
> module that contains the protection stuff? How would I do this? Or is it
> much more involved?
>
> Any suggestions would be welcome!
>
> Thanks for reading this!
>
> Pieter Hugo

I struggled with this once, but I got it to work. So here we are!!

Rails has some inbuilt way of protecting your application from malice. The action of "trying to generate a partial from 'outside' the web site" needs some authentication. When authentication is successful, the Rails application generates a hidden input field that contains an authenticity_token. If you raise in your controller before a form post you will see this param. In your controller, there exists a "protect_from_forgery" statement that checks for the presence of the authenticity_token field and its value.

There are three ways to go about it. (At least these worked for me)

- Your rake task should authenticate (I don't know how, but it should).
- You can cheat it by adding a hidden authenticity_token input field somewhere within the view that is triggered by this rake task. The input field can be as follows:
  <input name="authenticity_token" type="hidden" value="86b74406048a7f629bd560eab8de771a74c620be" />
- If all fails, just comment out the "protect_from_forgery" statement in your controller. But be aware of the security risks: some people will easily trick the application and send data without authentication.

Kind regards,

---
Edmond
Software Developer | Baobab Health Trust (http://www.baobabhealth.org/) | Malawi
Cell: +265 999 465 137 | +265 881 234 717

*"Every gem has its own gemspec" -- Edmond Kachale*
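
The three options in the reply above can be compared in a small model of a session-bound authenticity-token check. This is an added example, not part of the original thread and not Rails source code; the `ForgeryCheck` class, its method names and the plain-hash sessions are hypothetical, and the tokens are constructed at run time.

```ruby
require 'securerandom'

# Simplified model of a session-bound CSRF check (hypothetical, not Rails code).
class ForgeryCheck
  def initialize(enabled: true)
    @enabled = enabled
  end

  # One random token per session, remembered inside that session.
  def token_for(session)
    session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # A state-changing request must echo the token stored in its own session.
  def verified?(session, method, params)
    return true unless @enabled       # the "comment out protect_from_forgery" case
    return true if method == :get     # reads are not checked
    expected = session[:_csrf_token]
    given = params['authenticity_token']
    return false if expected.nil? || given.nil?
    secure_compare(expected, given)
  end

  private

  # Compare without returning early at the first differing byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed scenario: the developer's session issued the token that was
# pasted into the view; another user then submits that same view.
def demo
  check = ForgeryCheck.new
  dev_session = {}
  user_session = {}
  hardcoded = check.token_for(dev_session)
  own = check.token_for(user_session)
  {
    own_token: check.verified?(user_session, :post, { 'authenticity_token' => own }),
    hardcoded_same_session: check.verified?(dev_session, :post, { 'authenticity_token' => hardcoded }),
    hardcoded_other_session: check.verified?(user_session, :post, { 'authenticity_token' => hardcoded }),
    missing_token: check.verified?(user_session, :post, {}),
    check_disabled: ForgeryCheck.new(enabled: false).verified?(user_session, :post, {})
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

In this model a pasted token is accepted only for the session that issued it, and with the check disabled a request carrying no token at all is accepted.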

