Dr. Vanderdecken
2008-Jan-16 19:37 UTC
token_tag Madness! Or how do I get my pre 2.x code to work again
I have an HTML MAP over laying some video so i can control aPTZ camera
through my server code. The camera is not visible outside the network
so i want to control access to it.
<map name="ptz2" >
<area shape="rect" coords="0,0,60,45"
onclick="new Ajax.Request(''/page/
moveCamera_upleft?ip=192.168.0.12'', {asynchronous:true,
evalScripts:true})" ></area>
<area shape="rect" coords="60,0,180,45"
....
The above code is generate by some ruby code in the model area.rb
models/area.rb
def createArea()
for a in @areas
line = "<area shape=\"#{a.shape}\"
coords\"#{a.x},#{a.y},#{a.x2},#{a.y2}\"
onclick=\"new Ajax.Request(''/page/
moveCamera_#{a.command}?ip=#{ip}'', {asynchronous:true,
evalScripts:true})\" ></area> "
lines[i] = line
i = i + 1
end
...
end
The above code worked just fine. But with the new token_tag stuff it
won''t work and I don''t have a clue how to make it work.
My question is where to I put the the "token_tag" stuff to create the
token so Rails won''t reject the request? I generate the code within
the area.rb so the model has control over the data it gets from the
database.
I really don''t want to create new "rails" functions or
override stuff
that will get outdated in the next Rails release. I just want to know
how to fix my Ajax.Request() line so my code will work again.
I know it has something to do with ":url =>
token_tag_nightmare_additons" in Ajax.Request or i need to create
remote_function with it. But this code works and if I remember
correctly it was hard enough to get it work the first time.
(Please just help. And try to be specific as you can. Hand waving does
not actually help nor does a lecture on why dont I do it the the
"Rails Form way". As of this point I am so fustrated with the
2.0.death Rails release that I feel like dumping my 2 years worth of
work in ROR and rewritting it in PHP.)
((Yes, i have every imaginable book on ROR in my library here, so if
you can cite a specific page in a Book that would be great too.))
And yes, i do have it working with the old code by turning off the
securty
skip_before_filter :verify_authenticity_token
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Jean-François Trân
2008-Jan-16 20:04 UTC
Re: token_tag Madness! Or how do I get my pre 2.x code to work again
2008/1/16, Dr. Vanderdecken <Decktete-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>:> I have an HTML MAP over laying some video so i can control > aPTZ camera through my server code. The camera is not > visible outside the network so i want to control access to it.[lots of ugliness stripped] If you really want to put that code smell in your model, it''s up to you, but then don''t complain it will not work with future Rails versions. If you want to do a mess between models and views, then do it, but don''t complain it''s Rails fault. See in #options_for_ajax method in prototype_helper.rb, how CSRF stuff is handled in Ajax : if protect_against_forgery? && !options[:form] if js_options[''parameters''] js_options[''parameters''] << " + ''&" else js_options[''parameters''] = "''" end js_options[''parameters''] << "#{request_forgery_protection_token}='' + encodeURIComponent(''#{escape_javascript form_authenticity_token}'')" end A helper would be a better place to put all your code... -- Jean-François. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---