Hi, i just found where the problem is, see attached patch. With that patch there are no more error 500 when doing xhr requests. I opened a new bug on rails, let's hope it will be fixed soon.
Regards, Jérémy.
diff --git a/actionpack/lib/action_controller/request_forgery_protection.rb b/actionpack/lib/action_controller/request_forgery_protection.rb index 3e0e94a..1dc6ad6 100644 --- a/actionpack/lib/action_controller/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/request_forgery_protection.rb @@ -94,6 +94,7 @@ module ActionController #:nodoc: def verified_request? !protect_against_forgery? || request.method == :get || + request.xhr? || !verifiable_request_format? || form_authenticity_token == params[request_forgery_protection_token] end
signature.asc
Description: OpenPGP digital signature