I believe this might have already been discussed but i have recently been thrown an application that was written for rails 1.2.6, and i have been given the task to upgrade it (please note that im super to new to ruby as well, but we can''t really do anything about that) basically the pervious person was doing an ajax call using "path/to5.xml?_method=delete" and then posting, however with 2.3.2, this is no longer allowed? What would be the best way to alleviate this situation? thanks alot! -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> basically the pervious person was doing an ajax call using > "path/to5.xml?_method=delete" > > and then posting, however with 2.3.2, this is no longer allowed?You might try posting the _method parameter instead of including it in the querystring. SH -- Starr Horne Check out my Helpdesk RailsKit: http://railskits.com/helpdesk/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Apr 6, 4:40 pm, James Hall <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> I believe this might have already been discussed but i have recently > been thrown an application that was written for rails 1.2.6, and i have > been given the task to upgrade it (please note that im super to new to > ruby as well, but we can''t really do anything about that) > > basically the pervious person was doing an ajax call using > "path/to5.xml?_method=delete" > > and then posting, however with 2.3.2, this is no longer allowed? >What''s happening when you do this ? I do vaguely recall a change where the requests that were exempt from csrf protection changed: https://rails.lighthouseapp.com/projects/8994/tickets/73-security-bug-request-forgery-protection-checks-for-accept-header-instead-of-content-type-header https://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets/1145-bug-invalidauthenticitytoken-incorrectly-raised-for-xml-controllerdestroy-request Fred> What would be the best way to alleviate this situation? > thanks alot! > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
I write code use flex3 from rails2.2 to rails2.3.And i got the same question with you. Rails2.3 do not accept GET params from url. You may try the other ways by the HTTP Headers. I dnot know if you can change the headers for Ajax. X_HTTP_METHOD_OVERRIDE="PUT" --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---