Authenticity token is checked for all POST requests (aka POST / PUT / DELETE). If you're doing just GET then the system doesn't look for a token.
An easier way to grab the auth token than what's specified in the blog post is to use ExternalInterface and a javascript function: html: <script language="Javascript"> function getAuthKey() { return "<%= form_authenticity_token %>"; } </script> Flash: var authToken:String = ExternalInterface.call("getAuthKey"); Which then needs to be added to the .data field of an URLRequest you process. Hope that helps. Jason On Fri, Oct 10, 2008 at 8:29 AM, Anjan Tek <[EMAIL PROTECTED]> wrote: > > Hi! > > To send the authenticity token from flex back to the server, I followed > this: > http://blog.dt.org/index.php/2008/06/rails-2-flex-3-and-form-authenticity-tokens/ > > I have two controllers in my rails app. The method described in the link > above works with the actions in one controller, but does not work with > the other. > > The controller which does not work has just one action which performs a > file upload. In this controller, if I don't put "skip_before_filter > :verify_authenticity_token" at the top, the file upload doesn't work. I > have pasted the upload action below: > > def upload_image > directory = "public" + params[ :temp_Image_Location ].to_s > pRandomFileName = params[ :random_File_Name ].to_s > pFileData = params[ :Filedata ] > > vFilePath = File.join( directory, pRandomFileName ) > > succeeded = File.open( vFilePath, "wb" ) { |vBuffer| vBuffer.write( > pFileData.read ) } > > render(:xml => "<response>Finished!</response>") if succeeded > end > > Why is it that the authenticity_token variable is being detected in one > controller and not the other? I'd be very grateful if someone could help > me out with this. > > Thanks. > Anjan > -- > Posted via http://www.ruby-forum.com/. > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---