> If you're concerned about security then commenting that out to resolve
> the errors you were getting in development was probably a mistake.
>
Right, well I had this funny feeling about it, but at the time I was trying to get some JavaScript stuff to work ..

Anyway, there is a JavaScript call like this:

    function update_server(info) {
      <%= remote_function(:url => {:action => 'resize_field'}, :with => '{col:info.col,width:info.width}') %>
    }

So I just set some routing, I'm not a routing expert, but I did this:

    map.connect 'shgrid/resize_field/:col/:width', :controller => 'shgrid', :action => 'resize_field'

But I get the error (below). I'm not sure if there's a proper way to do it with remote_function()?

Anyway, first I did the main dev, now I am trying to learn more on security ..

    Processing ShgridController#resize_field (for 155.x.x.x at 2009-03-26 16:28:11) [POST]
      Session ID: 92c3ef636f552fbeff8e574d96bedb9f
      Parameters: {"col"=>"5", "action"=>"resize_field", "controller"=>"shgrid", "width"=>"66"}
      User Load (0.000269)   SELECT * FROM "users" WHERE (name = 'Zack2') LIMIT 1
      AdminSetting Load (0.000156)   SELECT * FROM "admin_settings" LIMIT 1

    ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
        /usr/local/lib/ruby/gems/1.8/gems/actionpack-2.1.2/lib/action_controller/request_forgery_protection.rb:86:in `verify_authenticity_token'
        /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.2/lib/active_support/callbacks.rb:173:in `send'
        /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.1.2/lib/active_support/callbacks.rb:173:in `evaluate_method'
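The log in the message above shows a POST whose Parameters line carries no authenticity_token, which is the case verify_authenticity_token rejects. As an added example (not part of the original message and not Rails code), this Ruby script scans a log in that layout for such requests; the sample log, the controller names and the function names are constructed for illustration.

```ruby
# Constructed sample in the Rails 2.x log layout (not taken from the post).
SAMPLE_LOG = <<~'LOG'
  Processing GridController#resize (for 192.0.2.10 at 2009-01-01 10:00:00) [POST]
    Parameters: {"col"=>"5", "action"=>"resize", "controller"=>"grid", "width"=>"66"}
  ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

  Processing GridController#resize (for 192.0.2.10 at 2009-01-01 10:00:05) [POST]
    Parameters: {"authenticity_token"=>"constructed", "col"=>"5", "action"=>"resize", "controller"=>"grid"}
  Completed in 0.01000 (100 reqs/sec) | 200 OK

  Processing GridController#index (for 192.0.2.10 at 2009-01-01 10:00:09) [GET]
    Parameters: {"action"=>"index", "controller"=>"grid"}
  Completed in 0.01000 (100 reqs/sec) | 200 OK
LOG

HEADER    = /^Processing (\S+) \(for (\S+) at ([^)]+)\) \[(\w+)\]/
PARAM_KEY = /"([^"]+)"=>/

# Split the log into one record per "Processing" header.
def parse_requests(log)
  requests = []
  log.each_line do |raw|
    line = raw.strip
    if (m = HEADER.match(line))
      requests << { :action => m[1], :ip => m[2], :at => m[3], :verb => m[4],
                    :params => [], :csrf_error => false }
    elsif requests.empty?
      next
    elsif line.start_with?("Parameters:")
      requests.last[:params] = line.scan(PARAM_KEY).flatten
    elsif line.start_with?("ActionController::InvalidAuthenticityToken")
      requests.last[:csrf_error] = true
    end
  end
  requests
end

# Non-GET requests with no token parameter: the ones the check rejects
# when request forgery protection is enabled.
def missing_token(requests, token_param = "authenticity_token")
  requests.reject { |r| r[:verb] == "GET" || r[:params].include?(token_param) }
end

if __FILE__ == $PROGRAM_NAME
  missing_token(parse_requests(SAMPLE_LOG)).each do |r|
    outcome = r[:csrf_error] ? "rejected" : "accepted (protection off?)"
    puts "#{r[:at]} #{r[:verb]} #{r[:action]} #{r[:ip]}: no token, #{outcome}"
  end
end
```

A tokenless POST that shows up as accepted means forgery protection was not applied to that action.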