John Richardson
2008-Jun-06 17:42 UTC
[Facebooker-talk] 422/InvalidAuthenticityToken with fb_request_form
All,
I''m using the ActiveRecord store for sessions and have gotten form
submissions to work, but I can''t get the fb:request-form
that''s
generated by fb_request_form to work, it doesn''t seem to add hidden
fields for the token. Should it? Can it even (add extra fields to
the fb:request-form)?
My view:
<% content_for("challenge_content") do %>
13 <%= @challenge_message %>
14 <br />
15 <%= fb_req_choice(''Accept'', url_for(:controller =>
''challenge'',
:action => ''accept'')) %>
16 <%= fb_req_choice(''Decline'', url_for(:controller =>
''challenge'',
:action => ''decline'')) %>
17 <% end %>
18
19 <% fb_request_form(''My App'',
"challenge_content",
url_for(:controller => ''challenge'', :action =>
''index'')) do %>
20 <%= fb_request_form_submit(:uid=> @friend_fbid, :label =>
''Notify %n'') %>
21 <% end %>
Christopher Redinger
2008-Jun-06 18:31 UTC
[Facebooker-talk] 422/InvalidAuthenticityToken with fb_request_form
On Fri, Jun 6, 2008 at 1:42 PM, John Richardson <barooo at gmail.com> wrote:> I''m using the ActiveRecord store for sessions and have gotten form > submissions to work, but I can''t get the fb:request-form that''s > generated by fb_request_form to work, it doesn''t seem to add hidden > fields for the token.No, facebooker helpers don''t currently add the authenticity token. I''m assuming you are running on 2.1 (or a recent version of edge)? If you want to use forgery protection with edge, you''ll need to look at the patches I''ve submitted. I''ve patched the request-form helper and the facebook_form_for helper to add the authenticity token. (There are possibly others that need patching, I''ve been submitting them as I find them.) If you just want to use the code as I''ve been modifying it to work with edge, feel free to grab it from my git mirror/hack of it: http://github.com/redinger/facebooker -- Christopher Redinger http://www.agiledisciple.com
Mike Mangino
2008-Jun-06 18:44 UTC
[Facebooker-talk] 422/InvalidAuthenticityToken with fb_request_form
Sorry about not looking at this sooner. Can everybody CC the list when you add patches? I often miss them otherwise. I will try to get these committed today. Mike On Jun 6, 2008, at 1:31 PM, Christopher Redinger wrote:> On Fri, Jun 6, 2008 at 1:42 PM, John Richardson <barooo at gmail.com> > wrote: > >> I''m using the ActiveRecord store for sessions and have gotten form >> submissions to work, but I can''t get the fb:request-form that''s >> generated by fb_request_form to work, it doesn''t seem to add hidden >> fields for the token. > > No, facebooker helpers don''t currently add the authenticity token. I''m > assuming you are running on 2.1 (or a recent version of edge)? If you > want to use forgery protection with edge, you''ll need to look at the > patches I''ve submitted. I''ve patched the request-form helper and the > facebook_form_for helper to add the authenticity token. (There are > possibly others that need patching, I''ve been submitting them as I > find them.) > > If you just want to use the code as I''ve been modifying it to work > with edge, feel free to grab it from my git mirror/hack of it: > http://github.com/redinger/facebooker > > -- > Christopher Redinger > http://www.agiledisciple.com > _______________________________________________ > Facebooker-talk mailing list > Facebooker-talk at rubyforge.org > http://rubyforge.org/mailman/listinfo/facebooker-talk-- Mike Mangino http://www.elevatedrails.com