having just updated to Rails 2.0 I''m getting problems with: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): On most of my pages it works fine, but with some of them I just get a blank screen. I read somewhere that this was down to the secret key defined in environment.rb and that it was possible to just comment this part out. But such a simple fix alas doesn''t seem to work for me. I don''t honestly need this level of authenticity so could happily live without it. Is there a quick fix? Thanks to anyone who can help. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Ryan Bigg
2007-Dec-23 22:46 UTC
Re: ActionController::InvalidAuthenticityToken (ActionController
Set this in your controller class definition protect_from_forgery :only => [:create, :update, :destroy] On Dec 24, 2007 2:52 AM, dc dc <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > having just updated to Rails 2.0 I''m getting problems with: > > ActionController::InvalidAuthenticityToken > (ActionController::InvalidAuthenticityToken): > > On most of my pages it works fine, but with some of them I just get a > blank screen. > > I read somewhere that this was down to the secret key defined in > environment.rb and that it was possible to just comment this part out. > But such a simple fix alas doesn''t seem to work for me. > > I don''t honestly need this level of authenticity so could happily live > without it. Is there a quick fix? > > Thanks to anyone who can help. > -- > Posted via http://www.ruby-forum.com/. > > > >-- Ryan Bigg http://www.frozenplague.net Feel free to add me to MSN and/or GTalk as this email. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
comopasta Gr
2008-Mar-20 14:14 UTC
Re: ActionController::InvalidAuthenticityToken (ActionContro
Hi guys, What I do is that I allow the creation of a comment from a mobile device using XML sending: <?xml version="1.0" encoding="UTF-8"?> <comment> <body>Comment from curl</body> </comment> To http://user1:pass1-savSHZN5Fh+OC1ygWla57w@public.gmane.org:3000/programs/1/comments So I used protect_from_forgery :only => [:update, :destroy] to be able to access the :create But now it is open. As you can see in the request I put the username and password so the comment can be created. How should I do this in a secure way? Both regarding the protect_from_forgery and the username and password transfer? Thanks! -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
pimea.mark
2008-Apr-09 16:40 UTC
Re: ActionController::InvalidAuthenticityToken (ActionContro
The protect_from_forgery :only => [:create, :update, :destroy] is exactly what i needed to make my auto_complete work. Thanks alot :) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
mikhailov
2008-Apr-19 08:47 UTC
Re: ActionController::InvalidAuthenticityToken (ActionContro
could you try to include prototype in your layout? It''s work for me :) On 9 апр, 23:40, "pimea.mark" <pimea.m...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> The protect_from_forgery :only => [:create, :update, :destroy] is > exactly what i needed to make my auto_complete work. Thanks alot :)--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---