Krishna Dole
2007-Oct-23 18:44 UTC
Auto complete plugin and CSRF protection-- do you care?
Hi, I just noticed that the auto_complete plugin does not work with the CSRF protection in Rails 2.0. I''ve patched the plugin, but I''m wondering if people would like to see the official plugin fixed. If so, speak up and I will write some tests and submit the patch. Krishna --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Frederick Cheung
2007-Oct-23 19:05 UTC
Re: Auto complete plugin and CSRF protection-- do you care?
On 23 Oct 2007, at 19:44, Krishna Dole wrote:> > Hi, > > I just noticed that the auto_complete plugin does not work with the > CSRF protection in Rails 2.0. I''ve patched the plugin, but I''m > wondering if people would like to see the official plugin fixed. If > so, speak up and I will write some tests and submit the patch. >Please do - we haven''t moved to 2.0 yet but it would be silly for us to have to duplicate your work when we do ! Fred
Xavier Noria
2007-Oct-23 19:28 UTC
Re: Auto complete plugin and CSRF protection-- do you care?
On Oct 23, 2007, at 8:44 PM, Krishna Dole wrote:> I just noticed that the auto_complete plugin does not work with the > CSRF protection in Rails 2.0. I''ve patched the plugin, but I''m > wondering if people would like to see the official plugin fixed. If > so, speak up and I will write some tests and submit the patch.Please! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
I''m interested On Oct 23, 3:44 pm, "Krishna Dole" <dontf...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi, > > I just noticed that the auto_complete plugin does not work with the > CSRF protection in Rails 2.0. I''ve patched the plugin, but I''m > wondering if people would like to see the official plugin fixed. If > so, speak up and I will write some tests and submit the patch. > > Krishna--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Krishna Dole
2007-Nov-02 07:25 UTC
Re: Auto complete plugin and CSRF protection-- do you care?
Hi all, Sorry for the delay. I finally got around to submitting the patch-- comments and criticism welcome: http://dev.rubyonrails.org/ticket/10059 Krishna On 10/24/07, nachokb <nachokb-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > I''m interested > > On Oct 23, 3:44 pm, "Krishna Dole" <dontf...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > Hi, > > > > I just noticed that the auto_complete plugin does not work with the > > CSRF protection in Rails 2.0. I''ve patched the plugin, but I''m > > wondering if people would like to see the official plugin fixed. If > > so, speak up and I will write some tests and submit the patch. > > > > Krishna > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Krishna Dole
2007-Dec-10 16:49 UTC
Re: Auto complete plugin and CSRF protection-- do you care?
Several people expressed interest in this patch-- I''m still looking for two +1s. http://dev.rubyonrails.org/ticket/10059 Krishna On Nov 1, 2007 11:25 PM, Krishna Dole <dontfall-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi all, > > Sorry for the delay. I finally got around to submitting the patch-- > comments and criticism welcome: > > http://dev.rubyonrails.org/ticket/10059 > > Krishna > > > On 10/24/07, nachokb <nachokb-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > > I''m interested > > > > On Oct 23, 3:44 pm, "Krishna Dole" <dontf...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > Hi, > > > > > > I just noticed that the auto_complete plugin does not work with the > > > CSRF protection in Rails 2.0. I''ve patched the plugin, but I''m > > > wondering if people would like to see the official plugin fixed. If > > > so, speak up and I will write some tests and submit the patch. > > > > > > Krishna > > > > > > > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Frederick Cheung
2007-Dec-10 18:32 UTC
Re: Auto complete plugin and CSRF protection-- do you care?
On 10 Dec 2007, at 16:49, Krishna Dole wrote:> > Several people expressed interest in this patch-- I''m still looking > for two +1s. http://dev.rubyonrails.org/ticket/10059 >You''ve got mine. Worth checking out #rails-contrib on irc, or the rails-core mailing list if you need more. Fred> Krishna > > On Nov 1, 2007 11:25 PM, Krishna Dole <dontfall-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: >> Hi all, >> >> Sorry for the delay. I finally got around to submitting the patch-- >> comments and criticism welcome: >> >> http://dev.rubyonrails.org/ticket/10059 >> >> Krishna >> >> >> On 10/24/07, nachokb <nachokb-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: >>> >>> I''m interested >>> >>> On Oct 23, 3:44 pm, "Krishna Dole" <dontf...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: >>>> Hi, >>>> >>>> I just noticed that the auto_complete plugin does not work with the >>>> CSRF protection in Rails 2.0. I''ve patched the plugin, but I''m >>>> wondering if people would like to see the official plugin fixed. If >>>> so, speak up and I will write some tests and submit the patch. >>>> >>>> Krishna >>> >>> >>>>> >>> >> > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Possibly Parallel Threads
- text_field_with_auto_complete
- Rails 4: Should a HEAD request not be handled like a GET for CSRF protection?
- rspec-rails how to selectively turn on csrf protection for controller specs?
- Security problems with CookieStore and CSRF protection
- CSRF Protection Bypass in Ruby on Rails - I don't get it ...