I think Tracks can probably do without having CSRF protection turned on. The worst someone can do is secretly add a todo telling you that you owe them some money! That said, it seems that an instance where the user name and password are provided with the request is one of the cases where the CSRF protection shouldn't be invoked (i.e. CSRF should only happen when implicit session-based auth is used), so there may be something wonky in the plumbing in Tracks.

On Wed, Jun 18, 2008 at 5:52 PM, Simon Rozet <[EMAIL PROTECTED]> wrote:
> On Wed, Jun 18, 2008 at 11:18 PM, <[EMAIL PROTECTED]> wrote:
> > [Forgot to send to the list]
> >
> > On 18 Jun 2008, at 14:58, James Carruth wrote:
> >
> >> I have a very simple email to next action script that creates next
> >> actions in Tracks using curl. It stopped working after I moved to the
> >> newest version from github (I had previously been using the svn trunk
> >> version). Tracks works fine from the web, but I get an error when I
> >> try to add new next actions following the instructions on the
> >> Integrations page.
> >>
> >> Here is what I type at the command prompt (relevant details have been
> >> changed to protect the innocent)
> >>
> >> $ curl -u username:password -d "todo[description]=Test out this new installation&todo[context_id]=8" http://example.com:8000/todos.xml -i
> >
> > I tried your example (with details changed for my installation,
> > obviously), and also got an error. Running under development, I got a
> > more detailed error message, which suggested problems with the
> > AuthenticityToken:
> >
> > ActionController::InvalidAuthenticityToken
> >
> > in TodosController#create
> >
> > </h1>
> > <pre>ActionController::InvalidAuthenticityToken</pre>
> >
> > ActionPack's request_forgery_protection.rb seemed to be involved.
>
> Actually, this is not a bug. It's due to Rails' CSRF protection.
> (which was AFAIK introduced in Rails 2.0.1 or something)
>
> --
> Simon Rozet -- <[EMAIL PROTECTED]>
_______________________________________________
Tracks-discuss mailing list
http://lists.rousette.org.uk/mailman/listinfo/tracks-discuss
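
The policy argued in the reply above (verify the token only when authentication is implicit), as an added Ruby example; it is not Tracks' or Rails' code, and the request hashes, helper names and token value are constructed for illustration. It assumes the application never triggers the browser's HTTP Basic prompt, because a browser replays cached Basic credentials on its own.

```ruby
# Hypothetical error class, named after the Rails exception quoted in the thread.
class InvalidAuthenticityToken < StandardError; end

SAFE_METHODS = %w[GET HEAD].freeze

# Ambient credential: the browser attaches the session cookie by itself,
# so a cross-site form can ride on it.
def session_authenticated?(req)
  !req[:session].nil?
end

# Explicit credential: the client built the Authorization header itself
# (what `curl -u` does). Assumption: browsers are never prompted for
# HTTP Basic by this app; cached Basic credentials would otherwise be
# sent automatically, much like a cookie.
def explicit_credentials?(req)
  req[:headers].fetch("Authorization", "").start_with?("Basic ")
end

def csrf_check_required?(req)
  return false if SAFE_METHODS.include?(req[:method])
  return true if session_authenticated?(req) # cookie present: always verify
  !explicit_credentials?(req)                # no cookie: skip only for explicit auth
end

# Constant-time comparison so the token cannot be guessed byte by byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def verify_request!(req)
  return :skipped unless csrf_check_required?(req)
  expected = req[:session] ? req[:session][:csrf_token].to_s : ""
  given = req[:params]["authenticity_token"].to_s
  raise InvalidAuthenticityToken if expected.empty? || !secure_equal?(expected, given)
  :verified
end

# Constructed sample requests (not captured traffic).
TOKEN = "constructed-token-123"
BASIC = { "Authorization" => "Basic dXNlcm5hbWU6cGFzc3dvcmQ=" }.freeze # username:password
BROWSER_FORM = { method: "POST", headers: {}, session: { csrf_token: TOKEN }, params: { "authenticity_token" => TOKEN } }
FORGED_FORM  = { method: "POST", headers: {}, session: { csrf_token: TOKEN }, params: {} }
CURL_BASIC   = { method: "POST", headers: BASIC, session: nil, params: { "todo[context_id]" => "8" } }
BASIC_COOKIE = { method: "POST", headers: BASIC, session: { csrf_token: TOKEN }, params: {} }
```

A request that carries both a session cookie and Basic credentials is still verified, since the cookie alone would be enough for a cross-site form to act on.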
