search for: apicontrol

...ce::API::Base api_method :add, :expects => [{:html=>:string},{:from=>:string}], :returns => [Customer] end class DirectSpoolService < ActionWebService::Base web_service_api DirectSpoolAPI def add(html,from) Customer.find(:first) end def remove end end class ApiController < ApplicationController skip_before_filter :login_required web_service_dispatching_mode :delegated web_service_scaffold :invoke web_service(:directspool) {DirectSpoolService.new} end The controller behaves fine when accessing it with : http://localhost:3003/api/invoke, and cu...

Hi all, I think CSFR protection broke in rails 2.3.11. As in: it''s turned off now. I tried this in rails 2.3.10 and in 2.3.11 and 2.3.11 seems broken. >rails csrftest >cd csrftest >script/generate scaffold post title:string >rake db:migrate now I visit /posts/new in my browser, use firebug to delete or change the authenticity token, and submit the form. rails 2.3.11: all