thr3ads.net - Facebooker talk - [Facebooker-talk] form_tag and form_for cause #protect_from

If this information is useful, please help other people find it:
Share via:

BJ Clark

2008-Apr-09 00:21 UTC

[Facebooker-talk] form_tag and form_for cause #protect_from_forgery errors

Hey All,

I''m trying to do a simple form_for (and I also get it with form_tag)  
and I''m getting the following error:

ActionView::TemplateError (No :secret given to the  
#protect_from_forgery call.  Set that or use a session store capable  
of generating its own keys (Cookie Session Store).) on line #2 of  
users/new.fbml.erb:
1: <h1>Welcome To Courses, Let''s Get Started.</h1>
2: <% form_for :user, user_path, :method => :post do |form| %>
3: 	<fb:editor-custom label="You are a">
4: 		<label><%= radio_button_tag ''user_type'',
''student'', true %>
Student</label>
5: 		<label><%= radio_button_tag ''user_type'',
''instructor'' %> Teacher</
label>

     vendor/rails/actionpack/lib/action_controller/ 
request_forgery_protection.rb:114:in `form_authenticity_token''
     (eval):2:in `send''
     (eval):2:in `form_authenticity_token''
     vendor/rails/actionpack/lib/action_view/helpers/ 
form_tag_helper.rb:453:in `token_tag''
     vendor/rails/actionpack/lib/action_view/helpers/ 
form_tag_helper.rb:430:in `extra_tags_for_form''
     vendor/rails/actionpack/lib/action_view/helpers/ 
form_tag_helper.rb:438:in `form_tag_html''
     vendor/rails/actionpack/lib/action_view/helpers/ 
form_tag_helper.rb:41:in `form_tag''
     vendor/rails/actionpack/lib/action_view/helpers/form_helper.rb: 
204:in `form_for''
     app/views/users/new.fbml.erb:2:in  
`_run_erb_47app47views47users47new46fbml46erb''


I''ve got this in my application.rb:
   config.action_controller.session_store = :active_record_store
   config.action_controller.session = {
     :session_key => ''_app_session'',
     :secret      => ''xxx''
   }


What''s the trick for getting around this?

Thanks,
BJ Clark

Jaime Bulmer

2008-Apr-09 00:24 UTC

head link

[Facebooker-talk] form_tag and form_for cause #protect_from_forgery errors

Can''t remember the orginal writer of this but put in your /lib to  
disable forgery protection while in facebook.

ActionController::RequestForgeryProtection.module_eval do
   alias :original_verify_authenticity_token :verify_authenticity_token

   def verify_authenticity_token(*args)
     if controller.params.include?(''fb_sig'') &&
controller.action ==
''sekret_method''
       # Pretend to call this before_filter.
       true
     else
       original_verify_authenticity_token(*args)
     end
   end
end



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/facebooker-talk/attachments/20080408/7c0444f8/attachment.html

Mike Mangino

2008-Apr-09 01:06 UTC

head link

[Facebooker-talk] form_tag and form_for cause #protect_from_forgery errors

If you generate an application with Rails 2.0, it will put the  
following section in environment.rb

  # Your secret key for verifying cookie session data integrity.
   # If you change this key, all old sessions will become invalid!
   # Make sure the secret is at least 30 characters and all random,
   # no regular words or you''ll be exposed to dictionary attacks.

  config.action_controller.session = {
     :session_key => ''_app_session'',
     :secret      => ''longstring''
   }

just uncomment the secret and you should be good to go.

Mike

On Apr 8, 2008, at 7:21 PM, BJ Clark wrote:> Hey All,
>
> I''m trying to do a simple form_for (and I also get it with
form_tag)
> and I''m getting the following error:
>
> ActionView::TemplateError (No :secret given to the
> #protect_from_forgery call.  Set that or use a session store capable
> of generating its own keys (Cookie Session Store).) on line #2 of
> users/new.fbml.erb:
> 1: <h1>Welcome To Courses, Let''s Get Started.</h1>
> 2: <% form_for :user, user_path, :method => :post do |form| %>
> 3: 	<fb:editor-custom label="You are a">
> 4: 		<label><%= radio_button_tag ''user_type'',
''student'', true %>
> Student</label>
> 5: 		<label><%= radio_button_tag ''user_type'',
''instructor'' %>
> Teacher</
> label>
>
>     vendor/rails/actionpack/lib/action_controller/
> request_forgery_protection.rb:114:in `form_authenticity_token''
>     (eval):2:in `send''
>     (eval):2:in `form_authenticity_token''
>     vendor/rails/actionpack/lib/action_view/helpers/
> form_tag_helper.rb:453:in `token_tag''
>     vendor/rails/actionpack/lib/action_view/helpers/
> form_tag_helper.rb:430:in `extra_tags_for_form''
>     vendor/rails/actionpack/lib/action_view/helpers/
> form_tag_helper.rb:438:in `form_tag_html''
>     vendor/rails/actionpack/lib/action_view/helpers/
> form_tag_helper.rb:41:in `form_tag''
>     vendor/rails/actionpack/lib/action_view/helpers/form_helper.rb:
> 204:in `form_for''
>     app/views/users/new.fbml.erb:2:in
> `_run_erb_47app47views47users47new46fbml46erb''
>
>
> I''ve got this in my application.rb:
>   config.action_controller.session_store = :active_record_store
>   config.action_controller.session = {
>     :session_key => ''_app_session'',
>     :secret      => ''xxx''
>   }
>
>
> What''s the trick for getting around this?
>
> Thanks,
> BJ Clark
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
--
Mike Mangino
http://www.elevatedrails.com

BJ Clark

2008-Apr-09 16:28 UTC

head link

[Facebooker-talk] form_tag and form_for cause #protect_from_forgery errors

Mike,
My secret is not commented out. Is there any way to test this stuff in  
script/console?

environment.rb:
# Your secret key for verifying cookie session data integrity.
  # If you change this key, all old sessions will become invalid!
  # Make sure the secret is at least 30 characters and all random,
  # no regular words or you''ll be exposed to dictionary attacks.

  config.action_controller.session = {
    :session_key => ''_yyy_session'',
    :secret      => ''xxx''
  }

  # Use the database for sessions instead of the cookie-based default,
  # which shouldn''t be used to store highly confidential information
  # (create the session table with ''rake db:sessions:create'')
  config.action_controller.session_store = :active_record_store

I''m not sure what''s up.
Thanks,
BJ Clark

On Apr 8, 2008, at 7:06 PM, Mike Mangino wrote:
> If you generate an application with Rails 2.0, it will put the  
> following section in environment.rb
>
> # Your secret key for verifying cookie session data integrity.
>  # If you change this key, all old sessions will become invalid!
>  # Make sure the secret is at least 30 characters and all random,
>  # no regular words or you''ll be exposed to dictionary attacks.
>
> config.action_controller.session = {
>    :session_key => ''_app_session'',
>    :secret      => ''longstring''
>  }
>
> just uncomment the secret and you should be good to go.
>
> Mike
>
> On Apr 8, 2008, at 7:21 PM, BJ Clark wrote:
>> Hey All,
>>
>> I''m trying to do a simple form_for (and I also get it with
form_tag)
>> and I''m getting the following error:
>>
>> ActionView::TemplateError (No :secret given to the
>> #protect_from_forgery call.  Set that or use a session store capable
>> of generating its own keys (Cookie Session Store).) on line #2 of
>> users/new.fbml.erb:
>> 1: <h1>Welcome To Courses, Let''s Get Started.</h1>
>> 2: <% form_for :user, user_path, :method => :post do |form| %>
>> 3: 	<fb:editor-custom label="You are a">
>> 4: 		<label><%= radio_button_tag
''user_type'', ''student'', true %>
>> Student</label>
>> 5: 		<label><%= radio_button_tag
''user_type'', ''instructor'' %>
>> Teacher</
>> label>
>>
>>    vendor/rails/actionpack/lib/action_controller/
>> request_forgery_protection.rb:114:in `form_authenticity_token''
>>    (eval):2:in `send''
>>    (eval):2:in `form_authenticity_token''
>>    vendor/rails/actionpack/lib/action_view/helpers/
>> form_tag_helper.rb:453:in `token_tag''
>>    vendor/rails/actionpack/lib/action_view/helpers/
>> form_tag_helper.rb:430:in `extra_tags_for_form''
>>    vendor/rails/actionpack/lib/action_view/helpers/
>> form_tag_helper.rb:438:in `form_tag_html''
>>    vendor/rails/actionpack/lib/action_view/helpers/
>> form_tag_helper.rb:41:in `form_tag''
>>    vendor/rails/actionpack/lib/action_view/helpers/form_helper.rb:
>> 204:in `form_for''
>>    app/views/users/new.fbml.erb:2:in
>> `_run_erb_47app47views47users47new46fbml46erb''
>>
>>
>> I''ve got this in my application.rb:
>>  config.action_controller.session_store = :active_record_store
>>  config.action_controller.session = {
>>    :session_key => ''_app_session'',
>>    :secret      => ''xxx''
>>  }
>>
>>
>> What''s the trick for getting around this?
>>
>> Thanks,
>> BJ Clark
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
> --
> Mike Mangino
> http://www.elevatedrails.com
>
>
>

Seemingly Similar Threads

Search for more apparently analagous threads

Facebooker talk - Apr 2008 - form_tag and form_for cause #protect_from_forgery errors

[Facebooker-talk] form_tag and form_for cause #protect_from_forgery errors

[Facebooker-talk] form_tag and form_for cause #protect_from_forgery errors

[Facebooker-talk] form_tag and form_for cause #protect_from_forgery errors

[Facebooker-talk] form_tag and form_for cause #protect_from_forgery errors

Seemingly Similar Threads