Hi, We have the following code which sends a request on unload of one of our pages. It was working fine until I upgraded to rails 2.2.2, but now is giving ''ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):'' Does anyone know what has changed, and what I have to do to get it working again? var req = new XMLHttpRequest(); req.open("POST", "<%= url_for(:action => ''unlock'', :id => @current_page.form_data.id) %>", false); req.setRequestHeader("Content-Type", "text/plain"); req.setRequestHeader("X-Requested-With", "XMLHttpRequest"); req.send("?authenticity_token="+encodeURIComponent(window._token)); Thanks Simon --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Well until 2.2.2 text/plain requests weren''t checked at all (this was a bug) so it''s entirely possible that your code has been broken from day 1. If you look at the logs does it look like the token was sent properly? Fred Sent from my iPhone On 3 Dec 2008, at 00:09, "Simon Macneall" <macneall-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > Hi, > > We have the following code which sends a request on unload of one of > our > pages. It was working fine until I upgraded to rails 2.2.2, but now is > giving ''ActionController::InvalidAuthenticityToken > (ActionController::InvalidAuthenticityToken):'' > > Does anyone know what has changed, and what I have to do to get it > working > again? > > var req = new XMLHttpRequest(); > req.open("POST", "<%= url_for(:action => ''unlock'', :id => > @current_page.form_data.id) %>", false); > req.setRequestHeader("Content-Type", "text/plain"); > req.setRequestHeader("X-Requested-With", "XMLHttpRequest"); > req.send("?authenticity_token="+encodeURIComponent(window._token)); > > > Thanks > Simon > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Hi Fred, No, the authenticity_token isn''t getting through at all, and I accept that the code probably should have never worked as it stands. That said, I can''t for the life of me figure out how to get the auth token to be submitted correctly using the XMLHttpRequest object. We have the token floating around (we use it in other jQuery AJAX calls), but because this particular code is being called during unload, we need it to be synchronous, and the jQuery async:false doesn''t appear to work. Thanks Simon On Wed, 03 Dec 2008 14:12:29 +0900, Frederick Cheung <frederick.cheung-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > Well until 2.2.2 text/plain requests weren''t checked at all (this was > a bug) so it''s entirely possible that your code has been broken from > day 1. If you look at the logs does it look like the token was sent > properly? > > Fred--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Dec 3, 6:18 am, "Simon Macneall" <macne...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi Fred, > > No, the authenticity_token isn''t getting through at all, and I accept that > the code probably should have never worked as it stands. That said, I > can''t for the life of me figure out how to get the auth token to be > submitted correctly using the XMLHttpRequest object. We have the token > floating around (we use it in other jQuery AJAX calls), but because this > particular code is being called during unload, we need it to be > synchronous, and the jQuery async:false doesn''t appear to work. >Well (I had to look this up since I never use raw XMLHttpRequest) the parameter to send is the body of the request. When rails gets a text/ plain request it doesn''t parse the the request body for parameters (since you''ve told it that it''s just a big text file). So either you could make the type not text/plain (ie application/x-www-form- urlencoded), and even then you''d want to drop the leading ? in the body, or you could append it to the url you are requesting (being just a little bit careful that you glue it on with a & or a ? as appropriate) Fred --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Excellent, works like a charm, thanks for that. Simon On Wed, 03 Dec 2008 17:13:50 +0900, Frederick Cheung <frederick.cheung-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > > > > Well (I had to look this up since I never use raw XMLHttpRequest) the > parameter to send is the body of the request. When rails gets a text/ > plain request it doesn''t parse the the request body for parameters > (since you''ve told it that it''s just a big text file). So either you > could make the type not text/plain (ie application/x-www-form- > urlencoded), and even then you''d want to drop the leading ? in the > body, or you could append it to the url you are requesting (being just > a little bit careful that you glue it on with a & or a ? as > appropriate) > > Fred > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---