Pieter Hugo
2010-Sep-23 08:43 UTC
undefined method `protect_against_forgery?' for #<ActionView

Hi guys

This is a pretty tricky one.

I get an "undefined method `protect_against_forgery?' for #<ActionView::Base:0x569a3d4>" error when trying to generate a partial from 'outside' the web site. I do this as I have a rake task that checks for changes periodically in the background, and if it then sees a change it rebuilds the partial and posts the result back to the user if he is logged in.

(The posting by rake to the web site is done with juggernaut, but that's not the issue, the failure happens when trying to build the partial)

The building of the partial is achieved by instantiating ActionView in the rake task, and it all worked fine until I introduced 'drop_receiving_element' into the partial that gets generated. The latter seems to want to use protect_against_forgery? - which is not available from the lib task.

I am feeling a bit out of my depth here.

Is it just a simple question of somehow including or requiring the module that contains the protection stuff? How would I do this? Or is it much more involved?

Any suggestions would be welcome!

Thanks for reading this!

Pieter Hugo

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Edmond Kachale
2010-Sep-23 10:00 UTC
Re: undefined method `protect_against_forgery?' for #<ActionView

2010/9/23 Pieter Hugo <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>

> Hi guys
>
> This is a pretty tricky one.
>
> I get a "undefined method `protect_against_forgery?' for
> #<ActionView::Base:0x569a3d4>" error when trying to generate a partial
> from 'outside' the web site. I do this as I have a rake task that checks
> for changes periodically in the background, and if it then sees a change
> it rebuilds the partial and posts the result back to the user if he is
> logged in.
>
> (The posting by rake to the web site is done with juggernaut, but that's
> not the issue, the failure happens when trying to build the partial)
>
> The building of the partial is achieved by instantiating Actionview in
> the rake task, and it all worked fine until I introduced
> 'drop_receiving_element' into the partial that gets generated. The
> latter seems to want to use protect_against_forgery? - which is not
> available from the lib task.
>
> I am feeling a bit out of my depth here.
>
> Is it just a simple question of somehow including or requiring the
> module that contains the protection stuff? How would I do this? Or is it
> much more involved?
>
> Any suggestions would be welcome!
>
> Thanks for reading this!
>
> Pieter Hugo

I struggled with this once, but I got it to work. So here we are!!

Rails has some inbuilt way of protecting your application from malice. The action of "trying to generate a partial from 'outside' the web site" needs some authentication. When authentication is successful, the Rails application generates a hidden input field that contains an authenticity_token. If you raise in your controller before a form post, you will see this param.

In your controller, there exists a "protect_from_forgery" statement that checks for the presence of the authenticity_token field and its value.

There are three ways to go about it. (At least these worked for me)

- Your rake task should authenticate (I don't know how, but it should)
- You can cheat it by adding a hidden authenticity_token input field somewhere within the view that is triggered by this rake task. The input field can be as follows:
  <input name="authenticity_token" type="hidden" value="86b74406048a7f629bd560eab8de771a74c620be" />
- If all fails, just comment out the "protect_from_forgery" statement in your controller. But be aware of the security risks: some people will easily trick the application and send data without authentication.

Kind regards,
---
Edmond
Software Developer | Baobab Health Trust (http://www.baobabhealth.org/) | Malawi
Cell: +265 999 465 137 | +265 881 234 717
*"Every gem has its own gemspec" -- Edmond Kachale*
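
The token check discussed in this thread, as an added example that is not part of either post and is not Rails source code: a simplified plain-Ruby model showing that a token only validates against the session that issued it, and that a view built with no session has no token to embed. `ForgeryModel`, `StandaloneView` and `remote_params` are hypothetical names chosen for the illustration.

```ruby
require "securerandom"

# Simplified model of a per-session token check (constructed for
# illustration; names are hypothetical, this is not Rails code).
module ForgeryModel
  # Constant-time comparison so the check does not leak a prefix match.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # The token is created once per session and kept server-side in it.
  def self.token_for(session)
    session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # Controller side: a request passes only if the submitted token equals
  # the one stored in the requester's own session.
  def self.verified?(session, params)
    expected = session[:_csrf_token]
    given = params["authenticity_token"]
    return false if expected.nil? || given.nil?
    secure_compare(expected, given)
  end
end

# Hypothetical stand-in for a view built outside a request (rake task).
class StandaloneView
  def initialize(session = nil)
    @session = session
  end

  # Helpers ask the view this question. Outside a controller nothing
  # defines it, which is the NoMethodError reported in the thread.
  # With no session there is no token to embed, so the answer is false.
  def protect_against_forgery?
    !@session.nil?
  end

  # Hypothetical helper: adds the token parameter only when protection is on.
  def remote_params
    return "" unless protect_against_forgery?
    "authenticity_token=" + ForgeryModel.token_for(@session)
  end
end
```

In this model a token value copied from one session fails the check for every other session, and a request carrying no token is rejected.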