Rails - Sep 2008 - ActiveResource and InvalidAuthenticityToken exception

Hi,

I have a Rails 2.1.1 web app, and a Rails 2.1.1 app acting as a client
by using ActiveResource.

From the client, I can find, create, and update resources owned by the
web app.

However, I can not delete any.  Calling the .destroy method in
ActiveResource generates a 422 from the web app.

Not sure why this would be the case, since I thought
protect_from_forgery only protects HTML and JS requests.

Any idea if this is a bug in ActiveResource that I should dig into, or
is this actually by design and I''m not understanding something about
how to achieve deletes via ActiveResource?

Thanks!
Jeff

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Jeff Cohen wrote:
> Hi,
> 
> I have a Rails 2.1.1 web app, and a Rails 2.1.1 app acting as a client
> by using ActiveResource.
> 
> From the client, I can find, create, and update resources owned by the
> web app.
> 
> However, I can not delete any.  Calling the .destroy method in
> ActiveResource generates a 422 from the web app.
> 
> Not sure why this would be the case, since I thought
> protect_from_forgery only protects HTML and JS requests.
> 
> Any idea if this is a bug in ActiveResource that I should dig into, or
> is this actually by design and I''m not understanding something
about
> how to achieve deletes via ActiveResource?
> 
> Thanks!
> Jeff

Seeing the same thing, using edge on the client and an older snapshot of 
edge on the server. Going to see if updating the server resolves the 
issue tonight.
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Check my answer on
http://stackoverflow.com/questions/150076/how-do-i-authenticate-to-activeresource-to-avoid-the-invalidauthenticitytoken-r#150194.
It is not a perfect solution but does provide a workaround.

On Sep 28, 2:16 am, Jeff
<cohen.j...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> However, I can not delete any.  Calling the .destroy method in
> ActiveResource generates a 422 from the web app.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Sep 29, 12:15 pm, Mike Vincent
<rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
> Seeing the same thing, using edge on the client and an older snapshot of
> edge on the server. Going to see if updating the server resolves the
> issue tonight.
> --
> Posted viahttp://www.ruby-forum.com/.
Glad to know it''s not just me.  I suspect this is a bug somewhere.

Jeff
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Mike Vincent wrote:
> Jeff Cohen wrote:
>> Hi,
>> 
>> I have a Rails 2.1.1 web app, and a Rails 2.1.1 app acting as a client
>> by using ActiveResource.
>> 
>> From the client, I can find, create, and update resources owned by the
>> web app.
>> 
>> However, I can not delete any.  Calling the .destroy method in
>> ActiveResource generates a 422 from the web app.
>> 
>> Not sure why this would be the case, since I thought
>> protect_from_forgery only protects HTML and JS requests.
>> 
>> Any idea if this is a bug in ActiveResource that I should dig into, or
>> is this actually by design and I''m not understanding something
about
>> how to achieve deletes via ActiveResource?
>> 
>> Thanks!
>> Jeff
> 
> 
> Seeing the same thing, using edge on the client and an older snapshot of 
> edge on the server. Going to see if updating the server resolves the 
> issue tonight.

Issue persists with latest edge on client/server. :(


I see there''s a ticket now, too.

http://rails.lighthouseapp.com/projects/8994/tickets/1145-bug-invalidauthenticitytoken-incorrectly-raised-for-xml-controllerdestroy-request

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---