Hi guys,
After I''ve upgraded to Rails 3.0.10, the application I''m
working on started
having these http basic auth popups.
At first I thought it was caused by me upgrading to 3.0.10 which
could''ve
expired all current sessions. But it''s not
that. Everytime I try to delete a record, I get the popup. I experimented
with it for a while and found out that
the bug is only present when I''m deleting via javascript (ie, links
have
:remote => true). If I remove the :remote => true
lines, then everything works fine. I can confirm that it''s working
fine
before in Rails 3.0.3. Any ideas?
Here''s the code for the link_to
link_to ''Delete'', post, :confirm => ''Are you sure
you want to delete this
post?'', :method => :delete, :remote => true
The destroy action is a standard destroy controller action (which I think
has nothing to do with this issue but I''ll include
the code anyway).
def destroy
@post = Post.where(:id => params[:id]).first
if @post
authorize! :delete, @post
@post.destroy
end
respond_to do |format|
format.html {redirect_to posts_path}
format.js
end
end
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
Try to update your rails.js
发自我的 iPhone
在 2011-8-23,9:21,Jim Ruther Nill
<jvnill-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> 写道:
Hi guys,
After I''ve upgraded to Rails 3.0.10, the application I''m
working on started
having these http basic auth popups.
At first I thought it was caused by me upgrading to 3.0.10 which
could''ve
expired all current sessions. But it''s not
that. Everytime I try to delete a record, I get the popup. I experimented
with it for a while and found out that
the bug is only present when I''m deleting via javascript (ie, links
have
:remote => true). If I remove the :remote => true
lines, then everything works fine. I can confirm that it''s working
fine
before in Rails 3.0.3. Any ideas?
Here''s the code for the link_to
link_to ''Delete'', post, :confirm => ''Are you sure
you want to delete this
post?'', :method => :delete, :remote => true
The destroy action is a standard destroy controller action (which I think
has nothing to do with this issue but I''ll include
the code anyway).
def destroy
@post = Post.where(:id => params[:id]).first
if @post
authorize! :delete, @post
@post.destroy
end
respond_to do |format|
format.html {redirect_to posts_path}
format.js
end
end
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
2011/8/23 Tower He <towerhe-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>> Try to update your rails.js > >I guess this is the right way to do it. Thanks! For those having the same problems, you might want to check this article. http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails> 发自我的 iPhone > > 在 2011-8-23,9:21,Jim Ruther Nill <jvnill-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> 写道: > > Hi guys, > > After I''ve upgraded to Rails 3.0.10, the application I''m working on started > having these http basic auth popups. > At first I thought it was caused by me upgrading to 3.0.10 which could''ve > expired all current sessions. But it''s not > that. Everytime I try to delete a record, I get the popup. I experimented > with it for a while and found out that > the bug is only present when I''m deleting via javascript (ie, links have > :remote => true). If I remove the :remote => true > lines, then everything works fine. I can confirm that it''s working fine > before in Rails 3.0.3. Any ideas? > > Here''s the code for the link_to > > link_to ''Delete'', post, :confirm => ''Are you sure you want to delete this > post?'', :method => :delete, :remote => true > > The destroy action is a standard destroy controller action (which I think > has nothing to do with this issue but I''ll include > the code anyway). > > def destroy > @post = Post.where(:id => params[:id]).first > if @post > authorize! :delete, @post > @post.destroy > end > > respond_to do |format| > format.html {redirect_to posts_path} > format.js > end > end > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit this group at > http://groups.google.com/group/rubyonrails-talk?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit this group at > http://groups.google.com/group/rubyonrails-talk?hl=en. >-- ------------------------------------------------------------- visit my blog at http://jimlabs.heroku.com -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.