On Mon, Sep 29, 2008 at 4:38 AM, Jeff <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> (I didn't get any answers over on rails-talk; I'm hoping it's ok that
> I escalate it to this list instead.)
>
> I have a Rails 2.1.1 web app, and a Rails 2.1.1 app acting as a client
> by using ActiveResource.
>
> From the client, I can find, create, and update resources owned by the
> web app.
>
> However, I can not delete any. Calling the .destroy method in
> ActiveResource generates a 422 from the web app.
>
> Not sure why this would be the case, since I thought
> protect_from_forgery only protects HTML and JS requests, whereas
> ActiveResource should be sending XML requests.
>
> Any idea if this is a bug in ActiveResource that I should dig into/
> submit a patch for, or
> is this actually by design and I'm not understanding something about
> how to achieve deletes via ActiveResource?
This does sound like a bug or misconfiguration somewhere along the
line. The request verification logic should trigger *everything*
that isn't a :get and doesn't have a content-type of one of these:
@@unverifiable_types = Set.new [:text, :json, :csv, :xml, :rss,
:atom, :yaml]
> Thanks!
> Jeff
> >
>
--
Cheers
Koz
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Core" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---
