Does anyone find them useful? I can see them being good in some cases,
but I have many exceptions that occur because of expired sessions. I am
also not sure if they are really required for pages that require a login
to access.
The other place that they cause issues is in JavaScript requests. I am
not using the built-in helpers, and all the JavaScript exists in
separate js files. There are ways to get around this, but they are
sloppy.
Is there a way to turn them off?
Here is an example of the code that requires the token. If anyone knows
an easy way to solve the problem please let me know.
------
$(document).ready(function(){
  $(".photos img").draggable();
  $("#trash").droppable({
    accept: "img",
    drop: function(ev, ui){
      var url = window.location + "/photos/" +
                ui.draggable.attr("id");
      // Rails treats a POST carrying _method=delete as a DELETE request
      $.post(url, {'_method': "delete",
                   'authenticity_token':
                   "need_the_users_token_here"}, function(){
        $(ui.draggable).remove();
      });
      return false;
    }
  });
});
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
On 7 May 2008, at 18:31, Chris Olsen wrote:
>
> Does anyone find them useful? I can see them being good in some
> cases, but I have many exceptions that occur because of expired
> sessions. I am also not sure if they are really required for pages
> that require a login to access.
>
> The other place that they cause issues is in JavaScript requests. I
> am not using the built-in helpers, and all the JavaScript exists in
> separate js files. There are ways to get around this, but they are
> sloppy.
>
> Is there a way to turn them off?
It's turned on by the protect_from_forgery line in your
application.rb. The rdoc for that method should show you how to have it
enabled only for some stuff and how to generate the token

Fred
--
My ramblings: http://www.spacevatican.org
>
> Here is an example of the code that requires the token. If anyone
> knows an easy way to solve the problem please let me know.
> ------
> $(document).ready(function(){
>   $(".photos img").draggable();
>   $("#trash").droppable({
>     accept: "img",
>     drop: function(ev, ui){
>       var url = window.location + "/photos/" + ui.draggable.attr("id");
>       $.post(url, {'_method': "delete", 'authenticity_token':
>                    "need_the_users_token_here"}, function(){
>         $(ui.draggable).remove();
>       });
>       return false;
>     }
>   });
> });
> --
> Posted via http://www.ruby-forum.com/.
Hey Fred,
Thanks for the info.
As mentioned in the protect_from_forgery docs, setting a window._token
var in the application template file allows for one to easily pass the
token.
ex
$.post(url, {'_method': "delete",
             'authenticity_token': window._token},
       function(){
...
For one small live app I get the occasional exception email notifying me
that someone's authentication token expired. I have never been able to
replicate this exception. Does anyone know if the user is getting
slapped with a 422, or are they just being redirected to the login page?
Thanks.
Frederick Cheung wrote:
> On 7 May 2008, at 18:31, Chris Olsen wrote:
>
>> am
>> not using the built-in helpers, and all the javascript exists in
>> separate js files. There is ways to get around this, but they are
>> sloppy.
>>
>> Is there a way to turn them off?
> It's turned on by the protect_from_forgery line in your
> application.rb. The rdoc for that method should show you how to have it
> enabled only for some stuff and how to generate the token
>
> Fred
> --
> My ramblings: http://www.spacevatican.org
--
Posted via http://www.ruby-forum.com/.
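An added example, not code from this thread or from Rails: a simplified Ruby model of a session-bound authenticity token, showing why a page left open past session expiry fails the check even though the script sends the token it was given. The SessionStore class, the 30-minute TTL and the 422 status returned on mismatch are assumptions of this model.

```ruby
require "securerandom"

# Simplified in-memory session store with an idle timeout (hypothetical).
class SessionStore
  def initialize(ttl)
    @ttl = ttl
    @sessions = {}
  end

  # Returns [sid, data]; an unknown or expired sid gets a brand-new session.
  def load(sid, now)
    entry = @sessions[sid]
    if entry.nil? || now - entry[:seen] > @ttl
      sid = SecureRandom.hex(16)
      entry = @sessions[sid] = { data: {} }
    end
    entry[:seen] = now
    [sid, entry[:data]]
  end
end

# The token is created once per session and embedded in pages rendered for it.
def authenticity_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(32)
end

# Compare without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Status for a state-changing request: 200 if the token matches, else 422.
def handle_post(store, sid, submitted, now)
  sid, session = store.load(sid, now)
  expected = authenticity_token(session)
  ok = submitted.is_a?(String) && secure_equal?(submitted, expected)
  [ok ? 200 : 422, sid]
end

def demo
  store = SessionStore.new(1800)            # constructed 30-minute idle TTL
  sid, session = store.load(nil, 0)
  page_token = authenticity_token(session)  # what the layout exposes as window._token
  { fresh:   handle_post(store, sid, page_token, 60).first,
    missing: handle_post(store, sid, nil, 120).first,
    stale:   handle_post(store, sid, page_token, 120 + 1801).first }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The stale case is the one that cannot be reproduced by clicking around quickly: the token in the open page is still the old session's, while the server has already issued a new session with a different token.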