Rails - May 2009 - Sending vars from Flash to Rails - how to use auth_token

OK I finally am able to get a filereference uploader to send files to
rails from Flash. I had to turn the auth_token off using:

skip_before_filter :verify_authenticity_token, :only =>
''upload_photo''


But, for security I want to turn it back on. But I''m unable to get
Flash to send the vars correctly. I am able to grab the auth token
with some Javascript and I then use:


variables = new URLVariables();
variables.authenticity_token = paramList["authenticityToken"];
var request = new URLRequest(UPLOAD_URL);
request.method = URLRequestMethod.POST;
request.data = variables;


Is that correct? The variable in an html rails form uses the same var
"authenticity_token" so I would assume it''s the same, but
it''s not
working.

I think you''re on the right track; we use:

            request=new URLRequest("/line_items");
            request.method=URLRequestMethod.POST;
            
request.data="authenticity_token="+authenticity_token+"&design_id="+id;
            loader.load(request);

One gotcha I ran into is authenticity_tokens are not URI-safe, which was 
causing intermittent failures for me depending on the value of a given 
authenticity_token.  So when I''m pulling it from the flashvars I do:

var 
authenticity_token:String=encodeURIComponent(parameters["authenticity_token"]);

Glancing at the doc for URLVariables, I don''t *think* it does that for 
you; you need to do it yourself.

HTH,

dwh


wejrowski-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
> OK I finally am able to get a filereference uploader to send files to
> rails from Flash. I had to turn the auth_token off using:
>
> skip_before_filter :verify_authenticity_token, :only =>
''upload_photo''
>
>
> But, for security I want to turn it back on. But I''m unable to get
> Flash to send the vars correctly. I am able to grab the auth token
> with some Javascript and I then use:
>
>
> variables = new URLVariables();
> variables.authenticity_token = paramList["authenticityToken"];
> var request = new URLRequest(UPLOAD_URL);
> request.method = URLRequestMethod.POST;
> request.data = variables;
>
>
> Is that correct? The variable in an html rails form uses the same var
> "authenticity_token" so I would assume it''s the same,
but it''s not
> working.
>
>   
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Hmm, I tried doing:

request.data =
"authenticity_token="+paramList["authenticityToken"]
+"&design_id=1";

instead of variables, and still nothing. One thing I did notice... I
made a dynamic field on the stage and put the auth_code in there to
see if it was working. I''m not sure why, but for some reason the field
won''t include any + signs. there''s spaces there, and when I
look in
the form field in html on the same page I have my flash, the spaces
are + signs. Not sure if that''s a reason..

I had discussed that in my previous reply.  You need to URI-encode the 
authenticity_token before sending it back.

dwh


wejrowski-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
> Hmm, I tried doing:
>
> request.data =
"authenticity_token="+paramList["authenticityToken"]
> +"&design_id=1";
>
> instead of variables, and still nothing. One thing I did notice... I
> made a dynamic field on the stage and put the auth_code in there to
> see if it was working. I''m not sure why, but for some reason the
field
> won''t include any + signs. there''s spaces there, and when
I look in
> the form field in html on the same page I have my flash, the spaces
> are + signs. Not sure if that''s a reason..
>
>   
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

It still won''t work. This issue has been discussed in the past (I know
cos I participated in it and provided a nice course of action to get  
it working :-)).

http://www.ruby-forum.com/topic/161291

The post is about integrating SWFUpload with Rails and pass it on to  
attachment_fu, but variants such as custom Flash uploaders and  
Paperclip instead of attachment_fu should be easy to deduce from my  
information.

On 20 May 2009, at 13:09, Denis Haskin wrote:
> I had discussed that in my previous reply.  You need to URI-encode  
> the authenticity_token before sending it back.
>
>
> wejrowski-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
>>
>> Hmm, I tried doing:
>>
>> request.data =
"authenticity_token="+paramList["authenticityToken"]
>> +"&design_id=1";
>>
>> instead of variables, and still nothing. One thing I did notice... I
>> made a dynamic field on the stage and put the auth_code in there to
>> see if it was working. I''m not sure why, but for some reason
the
>> field
>> won''t include any + signs. there''s spaces there, and
when I look in
>> the form field in html on the same page I have my flash, the spaces
>> are + signs. Not sure if that''s a reason..
Best regards

Peter De Berdt


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Okay, I was talking about the general case of Flash talking to Rails,
not about file uploading in specific.

What I did works for me ;-)

dwh


On May 20, 8:23 am, Peter De Berdt
<peter.de.be...-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org>
wrote:
> It still won''t work. This issue has been discussed in the past (I
know  
> cos I participated in it and provided a nice course of action to get  
> it working :-)).
>
> http://www.ruby-forum.com/topic/161291
>
> The post is about integrating SWFUpload with Rails and pass it on to  
> attachment_fu, but variants such as custom Flash uploaders and  
> Paperclip instead of attachment_fu should be easy to deduce from my  
> information.
>
> On 20 May 2009, at 13:09, Denis Haskin wrote:
>
>
>
> > I had discussed that in my previous reply.  You need to URI-encode  
> > the authenticity_token before sending it back.
>
> > wejrow...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
>
> >> Hmm, I tried doing:
>
> >> request.data =
"authenticity_token="+paramList["authenticityToken"]
> >> +"&design_id=1";
>
> >> instead of variables, and still nothing. One thing I did notice...
I
> >> made a dynamic field on the stage and put the auth_code in there
to
> >> see if it was working. I''m not sure why, but for some
reason the  
> >> field
> >> won''t include any + signs. there''s spaces there,
and when I look in
> >> the form field in html on the same page I have my flash, the
spaces
> >> are + signs. Not sure if that''s a reason..
>
> Best regards
>
> Peter De Berdt