Authenticity token is checked for all POST requests (aka POST / PUT /
DELETE). If you're doing just GET then the system doesn't look for a
token.
An easier way to grab the auth token than what's specified in the blog
post is to use ExternalInterface and a javascript function:
html:
<script language="Javascript">
function getAuthKey() { return "<%= form_authenticity_token %>"; }
</script>
Flash:
var authToken:String = ExternalInterface.call("getAuthKey");
Which then needs to be added to the .data field of an URLRequest you process.
Hope that helps.
Jason
On Fri, Oct 10, 2008 at 8:29 AM, Anjan Tek
<[EMAIL PROTECTED]> wrote:
>
> Hi!
>
> To send the authenticity token from flex back to the server, I followed
> this:
> http://blog.dt.org/index.php/2008/06/rails-2-flex-3-and-form-authenticity-tokens/
>
> I have two controllers in my rails app. The method described in the link
> above works with the actions in one controller, but does not work with
> the other.
>
> The controller which does not work has just one action which performs a
> file upload. In this controller, if I don't put "skip_before_filter
> :verify_authenticity_token" at the top, the file upload doesn't work. I
> have pasted the upload action below:
>
> def upload_image
> directory = "public" + params[ :temp_Image_Location ].to_s
> pRandomFileName = params[ :random_File_Name ].to_s
> pFileData = params[ :Filedata ]
>
> vFilePath = File.join( directory, pRandomFileName )
>
> succeeded = File.open( vFilePath, "wb" ) { |vBuffer| vBuffer.write(
> pFileData.read ) }
>
> render(:xml => "<response>Finished!</response>") if succeeded
> end
>
> Why is it that the authenticity_token variable is being detected in one
> controller and not the other? I'd be very grateful if someone could help
> me out with this.
>
> Thanks.
> Anjan
> --
> Posted via http://www.ruby-forum.com/.
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
