Displaying 9 results from an estimated 9 matches for "allow_forgery_protection".
2010 Jul 08
2
rspec-rails how to selectively turn on csrf protection for controller specs?
...k with telling the controller or
ActionController::Base to use forgery protection in the spec and am a
bit stuck.
Has anyone done this before, or do any of these look possible:
* reload the rails app for part of the spec, using a different rails
initializer (i.e. without
config.action_controller.allow_forgery_protection = false as in
environments/test.rb)
* tell the controller to use forgery protection despite it being
turned off in the rails test environment config (haven't had any luck
with this so far).
* have some specs split off from the main specs which run in a
different rails environment, e.g...
2013 Jan 09
4
CSRF resets my session in Firefox
...thod that creates, saves, and sets the session
for a shopper as well as for a hit object, then returns some JSON. This
works in Chrome and Safari (haven't tested IE yet), but Firefox is a
no-go. Basically, the session gets reset by CSRF (I confirmed this by
setting config.action_controller.allow_forgery_protection to false and
it works), but the weird thing is that upon inspecting the session, I DO
have a hit_id, but no shopper_id!! This completely breaks my form and is
frustrating as hell :P
I'm running on Rails 3.2.11 and Ruby 1.9.3p327. Any and all help would
be appreciated!
--
Posted via http...
2009 Mar 12
5
InvalidAuthenticityToken from home page
I'm trying to create a log in in index.html, but I keep getting an error
about InvalidAuthenticityToken. I understand this is something that RoR
puts in the forms, and it changes regularly. The problem is that the
home page in the public folder is html, and therefore static. Has anyone
else put a log in on their home page?
--
Posted via http://www.ruby-forum.com/.
2008 Mar 15
3
[HELP]No :secret given to the #protect_from_forgery call
I am starting to BDD. When specing the controller I want to test for
object creation:
it "deberia crear una nueva persona en post create" do
Usuario.should_receive(:create).with({:nombre => "camilo", :clave
=> "secreta", :tipo => "administrador"}).and_return(@usuario)
post 'create', {:usuario => {:nombre =>
2008 Aug 11
0
Rails Environment Config
...key => "_xxx_session",
:secret => "65bfb267dc928c66f3d0714d89faf43e"
}
If I'm using active_record_store above is the
config.action_controller.session params required or conflicting?
2. environment.rb
Rails::Initializer.run do |config|
config.action_controller.allow_forgery_protection = false
application.rb
protect_from_forgery :secret => 'a7cabcdf1499df9ded55d8a3797d9387'
How are these two settings related, what's the effect?
2009 Oct 09
1
protect_from_forgery development mode
Should this be working in development mode?
For some reason it doesn't.
regards, John
2012 Mar 05
0
Rails 3 - How can you get access to current_user in the IRB console?
...some design/debugging in IRB and need to login a user and then be
able to gain access to current_user in my efforts (I'm using Devise for
authentication.)
I found a sequence from SO that allows me to successfully login via IRB and
access a page response:
>> ApplicationController.allow_forgery_protection = false
>> app.post('/sign_in', {"user"=>{"login"=>"some-login-id", "password"=>"some-password"}})
>> app.get ''/some_other_path_that_only_works_if_logged_in''
>> pp app.response.body
I...
2008 Feb 01
2
Turning off InvalidAuthenticityToken for a RESTful Service
Hi,
I was trying to write a RESTful service and was planning on testing
via tools such as cURL and the basic http libs. With the
InvalidAuthenticityToken piece that is turned on by default in Rails
2.0.2, I have to provide the token with each request. This is
something of a pain for a programmable client that may not make a GET
request before performing other actions, specifically POST, PUT and
2008 Mar 27
3
Help with authentication errors
Hello,
I have been working through two books, "Agile Web Development with
Rails, 2nd Ed." and "Ajax on Rails". I'm using Rails 2.0. In both cases,
I run into an authentication error when doing the examples. In AWDwR,
when trying to add new information to the database (p. 68) I get
ActionController::InvalidAuthenticityToken in AdminController#create