I would like to add something to what Jake said: Make sure (using something like the Live HTTP Headers plugin for Firefox) that the "trac_auth" value which is transmitted by Flash is the same as that transmitted when you perform a regular form submit. Trac uses this value to identify the browser session. So it won't do you much good to send the __FORM_TOKEN if you don't send the trac_auth value that goes with it.
On Wed, Aug 26, 2009 at 1:30 PM, Erik Bray<[email protected]> wrote: > > On Thu, Aug 20, 2009 at 3:10 PM, jbiesinger<[email protected]> wrote: >> >> I have a question on using Flash to post to trac 10.4-- I have a >> simple flash page embedded into one of my template pages which I'd >> like to be able to post back to trac. The post uses a single variable >> "buttonVar." But when trying to post, I get a 400 error and the logs >> say "WARNING: 400 Bad Request (Missing or invalid form token. Do you >> have cookies enabled?)" >> >> The header for the post (as viewed by FireBug) includes >> trac_form_token so I'm not sure why trac isn't seeing it but then >> again I'm not doing anything special in Flash to include the >> trac_form_token. I know in the newer versions of trac you can have a >> hidden form called trac_form_token and trac will embed the form token >> directly, allowing you to read it from flash or javascript or >> whatever, but is that possible using 10.4? Is there another way to >> allow the post but maintain the security of the trac_form_token? >> >> >> Trac version 10.4 >> Python 2.4.4 >> >> Thanks! >> Jake Biesinger > > The value of the form token should be in a cookie "trac_form_token". > I don't know much about Flash or action script, but I assume it's > possible to retrieve a cookie value. Then just send the token as the > value of a "__FORM_TOKEN" argument in your POST request. > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
