[Rails] Re: cross site scripting security

2009-03-27 Thread Larz
Here is where I am at with this so far ... I decided to try to change my code to be all JavaScript to get around the strange problem I was having, so I followed the advice from this site: http://david-burger.blogspot.com/2008/01/rails-forgery-protection-csrf-and-ajax.html Here is what my code l

[Rails] Re: cross site scripting security

2009-03-26 Thread Larz
The other thing seems to be that if this is set in the base controller: protect_from_forgery :secret => '10aedsfsdafdasfasdfxvcxvhg' then it generates the authenticity tokens, regardless of whether the check is made. That seems to break my remote_function call as mentioned in the previous post (

[Rails] Re: cross site scripting security

2009-03-26 Thread Larz
> > To make it dynamic, I would use form_authenticity_token, not the actual value of it. Thanks. So I make the call like this; it works fine except I'm not sure why the stuff in the :with part from JavaScript doesn't make it into params when I have authenticity_token in the :url part: <

[Rails] Re: cross site scripting security

2009-03-26 Thread Greg Donald
On Thu, Mar 26, 2009 at 3:58 PM, Larz wrote: > I'm still learning here, but what happens is if I copy the token from some other action that works so I now have this: <%= remote_function(:url => {:action => 'resize_field', :authenticity_token => "sda4354326h

[Rails] Re: cross site scripting security

2009-03-26 Thread Larz
Thanks, I'm still learning here, but what happens is if I copy the token from some other action that works, so I now have this: <%= remote_function(:url => {:action => 'resize_field', :authenticity_token => "sda4354326hfghgfsf-whatever"}, :with

[Rails] Re: cross site scripting security

2009-03-26 Thread Robert Walker
Larz wrote: > But I get the error (below). I'm not sure if there's a proper way to do it with remote_function()? Anyway, first I did the main dev, now I am trying to learn more on security .. > Processing ShgridController#resize_field (for 155.x.x.x at 2009-03-26 16:28:11) [POST] > S

[Rails] Re: cross site scripting security

2009-03-26 Thread Larz
> If you're concerned about security then commenting that out to resolve the errors you were getting in development was probably a mistake. Right, well I had this funny feeling about it, but at the time I was trying to get some JavaScript stuff to work .. Anyway, there is a JavaScript call

[Rails] Re: cross site scripting security

2009-03-26 Thread Robert Walker
wbsurf...@yahoo.com wrote: > protect_from_forgery :secret => 'hgfjh...kjhghglh' (whatever) > self.allow_forgery_protection = false > I had commented those out during development because certain actions would error out because of these. If you're concerned about security then commen
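The two points the thread turns on are that `protect_from_forgery :secret => ...` makes the app emit per-session authenticity tokens and verify them on state-changing requests, and that setting `allow_forgery_protection = false` (or pasting a token copied from another action or session into `remote_function`) defeats the check. The following is an added example, not code from Rails or from any poster in this thread: a deliberately simplified model of session-bound CSRF token verification in plain Ruby. The class name `ForgeryProtection`, the method names, the exact token derivation (SHA-1 over the session id and a secret) and the sample secret are all assumptions chosen for illustration, not Rails's actual implementation, which has changed across versions.

```ruby
require 'digest'

# Added example: a minimal model of session-bound request forgery protection.
# Assumption: the token is a digest over the session id and an app secret,
# loosely modelled on the `protect_from_forgery :secret => ...` form seen in
# the thread. This is NOT Rails's own code or its exact derivation.
class ForgeryProtection
  attr_accessor :allow_forgery_protection

  def initialize(secret)
    @secret = secret
    @allow_forgery_protection = true   # the thread's "self.allow_forgery_protection = false" flips this
  end

  # The value a view helper would embed in a form or remote_function call.
  # It is bound to the session, so a token copied from another session (or
  # invented, like the "sda4354326..." literal in the thread) will not match.
  def form_authenticity_token(session_id)
    Digest::SHA1.hexdigest("--#{session_id}--#{@secret}--")
  end

  # True when the request may proceed. Only state-changing verbs are
  # checked; GET/HEAD are assumed safe and carry no token.
  def verified_request?(http_method, session_id, params)
    return true unless @allow_forgery_protection            # protection disabled: everything passes
    return true if %w[GET HEAD].include?(http_method.upcase)
    token = params['authenticity_token']
    return false if token.nil?
    secure_compare(token, form_authenticity_token(session_id))
  end

  private

  # Constant-time comparison so an attacker cannot learn the token byte by byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    result = 0
    a.bytes.zip(b.bytes) { |x, y| result |= x ^ y }
    result.zero?
  end
end

if __FILE__ == $0
  app = ForgeryProtection.new('example-secret-not-for-production')   # constructed secret
  sid = 'session-A'                                                    # constructed session id
  good = app.form_authenticity_token(sid)

  puts "POST with session's own token:  #{app.verified_request?('POST', sid, 'authenticity_token' => good)}"
  puts "POST with token pasted from elsewhere: #{app.verified_request?('POST', sid, 'authenticity_token' => 'sda4354326hfghgfsf-whatever')}"
  puts "POST with no token:             #{app.verified_request?('POST', sid, {})}"
  puts "GET with no token:              #{app.verified_request?('GET', sid, {})}"

  app.allow_forgery_protection = false
  puts "POST, protection disabled:      #{app.verified_request?('POST', sid, {})}"
end
```

Run it to see why a hard-coded token "from some other action that works" only appears to work by accident: the token must be the current session's own, which is what calling `form_authenticity_token` at render time (rather than pasting its value) gives you, and why disabling the check to silence development errors removes the protection entirely.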