Re: [Rails] Strange behavior

Thu, 28 Apr 2011 19:06:20 -0700 

How i escape it before the rails server process it ?



Thanks,
Ernesto

On Thu, Apr 28, 2011 at 4:58 AM, Frederick Cheung <
frederick.che...@gmail.com> wrote:

>
>
> On 28 Apr 2011, at 03:22, Ernesto Rocha <ernestorro...@gmail.com> wrote:
>
> Guys,
>
> I'm using some AJAX on my application, but when protect_from_forgery is on
> sometimes it works and sometimes the user session is killed. Today i found
> out why.
>
> It happens the following:
>
> The authenticity_token is sent correctly as you can see below,
>
> Started DELETE
> "/clients/118/files/20?authenticity_token=hoMH9/heaFWXWWy+aE1xKQcpf4xrLoVWGqkq0pzzwuo="
> for 127.0.0.1 at Wed Apr 27 23:06:50 -0300 2011
>
> but, next line on server is,
>
> Processing by ClippingsController#destroy as JS
>   Parameters: {"authenticity_token"=>"hoMH9/heaFWXWWy
> aE1xKQcpf4xrLoVWGqkq0pzzwuo=", "id"=>"20,", "client_id"=>"118"}
>
> as you can see, the plus sign ('+') turned into a white space. Once the
> token doesn't match the user session is killed.
>
> Is someone experiencing this ? Any help how to fix it ?
>
> + in urls means space - if the token genuinely contains + then you need to
> escape it before putting it in the URL.
>
> Fred
>
>
> Thanks,
> Ernesto
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To unsubscribe from this group, send email to
> rubyonrails-talk+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To unsubscribe from this group, send email to
> rubyonrails-talk+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to 
rubyonrails-talk+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/rubyonrails-talk?hl=en.

Reply via email to