Displaying 5 results from an estimated 5 matches for "after_action".
2014 May 03
0
Putting form_authenticity_token (csrf token) in a cookie instead of in meta tags?
...r. Since the
form_authenticity_token is different for every session, leaving
csrf_meta_tags in the header makes it impossible for a proxy to cache the
page.
I have an idea for how to fix it but thought I would ask here, to see if
people think there would be problems with it: I could create an
after_action in ApplicationController that looks like this:
after_action :set_authenticity_cookie
def set_authenticity_cookie
cookies[:form_authenticity_token] = form_authenticity_token if form_authenticity_token
end
So basically send the form_authenticity_token to the browser in a cookie
instead of put...
2008 Mar 08
7
ridding away with do_request
I'm heading out of town, but had a quick thought I wanted to share.
Rather than using ambiguously named request helpers in controller specs
like "do_request", I've been using more readable helpers like
"post_create".
For example...
describe ProjectController do
def post_create
post :create, ...
end
before do
end
it "creates a new
2008 Jan 30
3
Order of the get call and xxx.should
Just out of curiosity, why is it that the following .should calls have to
differ to work?
The first is a normal check on if the user is redirected if not
logged in
=========
it "should redirect the user to the login screen" do
do_get
response.should redirect_to(new_session_url)
end
The second is checking to ensure that the proper user validation method
is called
=========
it
2006 Apr 09
1
PageSweeper not working since upgrading to 1.1.1
...uby/gems/1.8/gems/actionpack-1.12.1/lib/action_controller/filters.rb:394:in `each'
/usr/lib/ruby/gems/1.8/gems/actionpack-1.12.1/lib/action_controller/filters.rb:394:in `call_filters'
/usr/lib/ruby/gems/1.8/gems/actionpack-1.12.1/lib/action_controller/filters.rb:389:in `after_action'
/usr/lib/ruby/gems/1.8/gems/actionpack-1.12.1/lib/action_controller/filters.rb:369:in `perform_action_without_benchmark'
/usr/lib/ruby/gems/1.8/gems/actionpack-1.12.1/lib/action_controller/benchmarking.rb:69:in `perform_action_without_rescue'
/usr/lib/ruby/...
2013 Nov 28
74
Remove :js responder
https://github.com/rails/rails/issues/12374#issuecomment-29446761
Here in discussion I proposed to deprecate JS responder because this
technique is insecure and not a pragmatic way to transfer data.
It can be exploited in this
way http://homakov.blogspot.com/2013/05/do-not-use-rjs-like-techniques.html
I find this bug very often so I know what I'm talking about. With it
an attacker can