Dr. Vanderdecken
2008-Jan-16 19:37 UTC
token_tag Madness! Or how do I get my pre 2.x code to work again
I have an HTML MAP over laying some video so i can control aPTZ camera through my server code. The camera is not visible outside the network so i want to control access to it. <map name="ptz2" > <area shape="rect" coords="0,0,60,45" onclick="new Ajax.Request(''/page/ moveCamera_upleft?ip=192.168.0.12'', {asynchronous:true, evalScripts:true})" ></area> <area shape="rect" coords="60,0,180,45" .... The above code is generate by some ruby code in the model area.rb models/area.rb def createArea() for a in @areas line = "<area shape=\"#{a.shape}\" coords\"#{a.x},#{a.y},#{a.x2},#{a.y2}\" onclick=\"new Ajax.Request(''/page/ moveCamera_#{a.command}?ip=#{ip}'', {asynchronous:true, evalScripts:true})\" ></area> " lines[i] = line i = i + 1 end ... end The above code worked just fine. But with the new token_tag stuff it won''t work and I don''t have a clue how to make it work. My question is where to I put the the "token_tag" stuff to create the token so Rails won''t reject the request? I generate the code within the area.rb so the model has control over the data it gets from the database. I really don''t want to create new "rails" functions or override stuff that will get outdated in the next Rails release. I just want to know how to fix my Ajax.Request() line so my code will work again. I know it has something to do with ":url => token_tag_nightmare_additons" in Ajax.Request or i need to create remote_function with it. But this code works and if I remember correctly it was hard enough to get it work the first time. (Please just help. And try to be specific as you can. Hand waving does not actually help nor does a lecture on why dont I do it the the "Rails Form way". As of this point I am so fustrated with the 2.0.death Rails release that I feel like dumping my 2 years worth of work in ROR and rewritting it in PHP.) ((Yes, i have every imaginable book on ROR in my library here, so if you can cite a specific page in a Book that would be great too.)) And yes, i do have it working with the old code by turning off the securty skip_before_filter :verify_authenticity_token --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Jean-François Trân
2008-Jan-16 20:04 UTC
Re: token_tag Madness! Or how do I get my pre 2.x code to work again
2008/1/16, Dr. Vanderdecken <Decktete-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>:> I have an HTML MAP over laying some video so i can control > aPTZ camera through my server code. The camera is not > visible outside the network so i want to control access to it.[lots of ugliness stripped] If you really want to put that code smell in your model, it''s up to you, but then don''t complain it will not work with future Rails versions. If you want to do a mess between models and views, then do it, but don''t complain it''s Rails fault. See in #options_for_ajax method in prototype_helper.rb, how CSRF stuff is handled in Ajax : if protect_against_forgery? && !options[:form] if js_options[''parameters''] js_options[''parameters''] << " + ''&" else js_options[''parameters''] = "''" end js_options[''parameters''] << "#{request_forgery_protection_token}='' + encodeURIComponent(''#{escape_javascript form_authenticity_token}'')" end A helper would be a better place to put all your code... -- Jean-François. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---