On 28 Apr 2011, at 03:22, Ernesto Rocha <[email protected]> wrote:
> Guys,
>
> I'm using some AJAX on my application, but when protect_from_forgery is on
> sometimes it works and sometimes the user session is killed. Today I found
> out why.
>
> It happens the following:
>
> The authenticity_token is sent correctly as you can see below,
>
> Started DELETE
> "/clients/118/files/20?authenticity_token=hoMH9/heaFWXWWy+aE1xKQcpf4xrLoVWGqkq0pzzwuo="
> for 127.0.0.1 at Wed Apr 27 23:06:50 -0300 2011
>
> but, next line on server is,
>
> Processing by ClippingsController#destroy as JS
> Parameters: {"authenticity_token"=>"hoMH9/heaFWXWWy
> aE1xKQcpf4xrLoVWGqkq0pzzwuo=", "id"=>"20,", "client_id"=>"118"}
>
> as you can see, the plus sign ('+') turned into a white space. Once the token
> doesn't match the user session is killed.
>
> Is someone experiencing this? Any help how to fix it?
>
+ in URLs means space - if the token genuinely contains + then you need to
escape it before putting it in the URL.
Fred
> Thanks,
> Ernesto
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.
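
The failure and the fix discussed in this thread, as an added Ruby example that is not part of the original messages. It assumes the standard-library form decoder behaves like the server's parameter parsing for `+`, models random tokens as 32 Base64-encoded bytes (the length of the logged token), and uses hypothetical helper names.

```ruby
require "uri"
require "securerandom"

# Token copied from the request log quoted in the thread.
LOGGED_TOKEN = "hoMH9/heaFWXWWy+aE1xKQcpf4xrLoVWGqkq0pzzwuo="

# Hypothetical helper: query string built as in the failing request,
# with the token pasted in unescaped.
def raw_query(token)
  "authenticity_token=#{token}"
end

# Hypothetical helper: same query with the value percent-encoded,
# so '+' becomes %2B, '/' becomes %2F and '=' becomes %3D.
def escaped_query(token)
  "authenticity_token=#{URI.encode_www_form_component(token)}"
end

# What a form decoder hands to the application: a literal '+' in the
# query string is decoded as a space, %2B is decoded as '+'.
def received_token(query)
  URI.decode_www_form(query).to_h["authenticity_token"]
end

# True when the token the server sees equals the token that was issued.
def survives?(token, query)
  received_token(query) == token
end

# Constructed sample: share of random Base64 tokens that are corrupted
# when sent unescaped. Only tokens containing '+' are affected, which is
# why the symptom appears for some sessions and not others.
def raw_failure_rate(samples = 1000)
  tokens = Array.new(samples) { SecureRandom.base64(32) }
  tokens.count { |t| !survives?(t, raw_query(t)) }.fdiv(samples)
end

if __FILE__ == $PROGRAM_NAME
  puts "raw:     #{received_token(raw_query(LOGGED_TOKEN)).inspect}"
  puts "escaped: #{received_token(escaped_query(LOGGED_TOKEN)).inspect}"
  puts "raw failure rate over random tokens: #{raw_failure_rate}"
end
```

Under the 32-byte token assumption, `raw_failure_rate` comes out near one half, consistent with the "sometimes it works" symptom in the original question.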