On 30 Apr 2011, at 12:48, Ernesto Rocha <ernestorro...@gmail.com> wrote:
> I did some brute force only to test, like this:
>
> <meta name="csrf-param" content="authenticity_token"/>
> <meta name="csrf-token" content="<%= CGI.escape form_authenticity_token %>"/>
>
> some characters are escaped, but now the link_to ... :method => delete is not
> working anymore (the user session is killed).
>
> If I use URI.escape the plus sign is not escaped.
>

How are you adding the authenticity token to the URL? (PS: Rails has a csrf_meta_tag helper.)

Fred

> So, I'm still at point zero.
>
> Thanks,
> Ernesto
>
> On Fri, Apr 29, 2011 at 6:10 AM, Frederick Cheung
> <frederick.che...@gmail.com> wrote:
>
> > On Apr 29, 3:06 am, Ernesto Rocha <ernestorro...@gmail.com> wrote:
> > > How do I escape it before the Rails server processes it?
> >
> > You'll need to do that at the point that you add the token to the link
> >
> > Fred
> >
> > > Thanks,
> > > Ernesto
> > >
> > > On Thu, Apr 28, 2011 at 4:58 AM, Frederick Cheung <frederick.che...@gmail.com> wrote:
> > >
> > > > On 28 Apr 2011, at 03:22, Ernesto Rocha <ernestorro...@gmail.com> wrote:
> > > >
> > > > > Guys,
> > > > >
> > > > > I'm using some AJAX on my application, but when protect_from_forgery is on
> > > > > sometimes it works and sometimes the user session is killed. Today I found
> > > > > out why.
> > > > >
> > > > > It happens the following:
> > > > >
> > > > > The authenticity_token is sent correctly as you can see below,
> > > > >
> > > > > Started DELETE "/clients/118/files/20?authenticity_token=hoMH9/heaFWXWWy+aE1xKQcpf4xrLoVWGqkq0pzzwuo=" for 127.0.0.1 at Wed Apr 27 23:06:50 -0300 2011
> > > > >
> > > > > but, next line on server is,
> > > > >
> > > > > Processing by ClippingsController#destroy as JS
> > > > > Parameters: {"authenticity_token"=>"hoMH9/heaFWXWWy aE1xKQcpf4xrLoVWGqkq0pzzwuo=", "id"=>"20,", "client_id"=>"118"}
> > > > >
> > > > > as you can see, the plus sign ('+') turned into a white space. Once the
> > > > > token doesn't match the user session is killed.
> > > > >
> > > > > Is someone experiencing this? Any help how to fix it?
> > > >
> > > > + in URLs means space - if the token genuinely contains + then you need to
> > > > escape it before putting it in the URL.
> > > >
> > > > Fred
> > > >
> > > > > Thanks,
> > > > > Ernesto

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
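
The mismatch discussed in this thread, reproduced as an added example (not code from either poster). It decodes the logged token the way a server decodes a query string and compares three ways of placing it in the URL; the helper names are hypothetical, and the third case assumes the client encodes a value that was already escaped in the meta tag.

```ruby
require "cgi"
require "uri"

# Token value copied from the request log quoted in the thread.
TOKEN = "hoMH9/heaFWXWWy+aE1xKQcpf4xrLoVWGqkq0pzzwuo="

# Decode a query string the way a server does for form-urlencoded data:
# "+" becomes a space and %XX becomes the byte it names.
def server_param(query, key = "authenticity_token")
  URI.decode_www_form(query).to_h[key]
end

# Case 1: token interpolated into the URL unescaped (the failing request).
def raw_query(token)
  "authenticity_token=#{token}"
end

# Case 2: token escaped once, at the point where the URL is built.
def escaped_query(token)
  "authenticity_token=#{CGI.escape(token)}"
end

# Case 3 (assumption): token already escaped in the meta tag, then encoded
# again by whatever client code submits it.
def double_escaped_query(token)
  meta_content = CGI.escape(token)
  "authenticity_token=#{CGI.escape(meta_content)}"
end

# Run all three cases and report what the server would compare to the session.
def compare_cases(token)
  { raw: raw_query(token), escaped_once: escaped_query(token),
    escaped_twice: double_escaped_query(token) }.map do |name, query|
    received = server_param(query)
    [name, { received: received, matches_session: received == token }]
  end.to_h
end

compare_cases(TOKEN).each do |name, result|
  puts format("%-14s %-5s %s", name, result[:matches_session], result[:received])
end
```

Only the token escaped exactly once survives the round trip; the raw one arrives with a space in place of the plus sign, and the twice-escaped one arrives still percent-encoded.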