Displaying 20 results from an estimated 70 matches for "protect_from_forgeri".
Did you mean:
protect_from_forgery
2010 Feb 09
4
Rails3 pre and protect_from_forgery
I''ve almost entirely converted a rails 2.3.5 app to 3pre. I''m having
some trouble with protect_from_forgery. I had protect_from_forgery set
in application_controller.rb, but run some uploadify ajax stuff in one
of my controllers, where I had protect_from_forgery, :except
=> :add_file set.
In rails 3 I''m getting ActionController::InvalidAuthenticityToken on
the ajax
2008 Mar 15
3
[HELP]No :secret given to the #protect_from_forgery call
I am starting to BDD. When specing the controller I want to test for
object creation:
it "deberia crear una nueva persona en post create" do
Usuario.should_receive(:create).with({:nombre => "camilo", :clave
=> "secreta", :tipo => "administrador"}).and_return(@usuario)
post ''create'', {:usuario => {:nombre =>
2008 Sep 06
4
Is Rails 2.1 "protect_from_forgery" == csrf_killer plugin?
Just would like to verify:
Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from
Rick Olson?
Thanks,
Wes
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to
2009 Jun 09
3
protect_from_forgery doesnt protect from forgery
Maybe I am grasping the full usage of this protect_from_forgery
function, but it does not seem to work for me. Imagine the following:
A simple website with a user that needs to log in to do certain stuff
and a closed off admin section that only certain users can access that
have the is_admin field set to true.
So to be clear, my User model has a login, password and is_admin.
When displaying the
2009 Oct 13
1
config.action_controller.session[:secret] vs protect_from_forgery :secret
What I want to do is share the same session across many Rails applications.
All of them are using Rails 2.2.2. I know that, to share the session, it''s
(supposedly) just a matter of sharing the same key and secret among the
apps, like this:
config.action_controller.session = {
:session_key => ''_apps_session'',
:secret =>
2008 Sep 23
0
exception_logger and protect_from_forgery
I am having a problem using the exception_logger plugin when I have
protect_from_forgery enabled.
Here is the line from application.rb:
protect_from_forgery :secret => ''xxxx''
But I am getting:
No :secret given to the #protect_from_forgery call. Set that or use a
session store capable of generating its own keys (Cookie Session
Store).
Now, if I remove the secret and try and
2009 Jun 22
2
protect_from_forgery with db-session (Rails 2.3.2)
I try to use db-session with protect_from_forgery.
But I always get a error msg:
ActionController::InvalidAuthenticityToken.
application_controller.rb
protect_from_forgery #:secret => ''top_secret''
session_store.rb
ActionController::Base.session_store = :active_record_store
hope you can help me.
Best regards
--
Posted via http://www.ruby-forum.com/.
active_record_store sessions does not pass a :secret to #protect_from_forgery in Rails 2.0.0 Preview
2007 Oct 03
2
active_record_store sessions does not pass a :secret to #protect_from_forgery in Rails 2.0.0 Preview
After switching to active_record_store to host sessions, I now get the
following errors:
ActionController::InvalidAuthenticityToken in Pages#edit
Showing app/views/pages/edit.html.erb where line #5 raised:
No :secret given to the #protect_from_forgery call. Set that or use a
session store capable of generating its own keys (Cookie Session
Store).
Extracted source (around line #5):
2:
3:
2009 Oct 09
1
protect_from_forgery development mode
Should this be working in development mode?
For some reason it doesn''t.
regards, John
2010 Sep 10
0
protect_from_forgery
I am a newbie to Rails, coming from a PHP shop, so please excuse my
ignorance.
I have to applications. A Codeigniter PHP app and a Rails 3.0 app. The
rails app makes paypal api calls and the php app makes curl post calls
to the rails app with information from a shopping cart.
How can I make this work with protect_from_forgery? I basically want to
pass my own auth token from the php app (or any
2008 Mar 19
7
Upgrade to 2.0.2: InvalidAuthenticityToken error on 1st POST
All,
I''ve upgraded to 2.0.2, and I can''t get my login screen (the first POST
request in the application) to work.
When I post this form, I see the "InvalidAuthenticityToken" error.
I have
protect_from_forgery :secret => ''my_secret''
set in application.rb
and I am using an active_record session store based on this line in
environment.rb:
2008 Apr 09
3
form_tag and form_for cause #protect_from_forgery errors
Hey All,
I''m trying to do a simple form_for (and I also get it with form_tag)
and I''m getting the following error:
ActionView::TemplateError (No :secret given to the
#protect_from_forgery call. Set that or use a session store capable
of generating its own keys (Cookie Session Store).) on line #2 of
users/new.fbml.erb:
1: <h1>Welcome To Courses, Let''s Get
2010 Apr 01
4
POST-only logic in protect_from_forgery considered harmful?
Hi folks,
I am just getting into rails again after a multi-year stint of
mod_perl jobs, which might grant me some newbie-indemnity for the time
being - but I''ve found an issue I think warrants discussion.
As discussed here - http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html
- the CSRF protection feature does not kick in for GET requests. This
2008 Jan 08
3
Unbreak ActiveRecordHelper::form() when protect_from_forgery is used
Can I get some +1s for this tiny patch? It fixes
ActiveRecordHelper::form, which is broken by default in new
applications created with Rails 2.0.
http://dev.rubyonrails.org/ticket/10739
Jeremy
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To post to this group, send email to
2010 Jul 08
2
rspec-rails how to selectively turn on csrf protection for controller specs?
I''m setting up a Paypal IPN listener and need the create action to not
use rails'' default CSRF protection.
I''ve got that working fine & test it actually works with cucumber
(where I''ve turned CSRF back on, since it''s full-stack testing) but
would like my controller spec to mention the need for
protect_from_forgery :except => [:create] (and fail
2011 Feb 11
11
CSRF protection in rails 2.3.11
Hi all,
I think CSFR protection broke in rails 2.3.11.
As in: it''s turned off now.
I tried this in rails 2.3.10 and in 2.3.11 and 2.3.11 seems broken.
>rails csrftest
>cd csrftest
>script/generate scaffold post title:string
>rake db:migrate
now I visit /posts/new in my browser, use firebug to delete or change
the authenticity token, and submit the form.
rails 2.3.11: all
2009 Mar 31
3
Accept POST data from external source?
Ok, this is harder than I thought. I''ve got a hunk of XML coming in
from an entirely external source that I do not control (but another
department in my company does, so it''s not like a giant security hole).
I was hoping to just have them POST their data to me, and then I''d read
the raw stream and parse it.
I''m sure folks know what I ran into -- Invalid
2008 Jul 08
8
POST instead of GET gives 404 (newbie)
Hi,
Using JRuby 1.1 and Rails 2.0, I created a small project in NetBeans
that allows me to generate a dynamic dialplan in XML. In case it
matters, I''m using builder-2.1.2 and activerecord-2.0.2.
Going in the browser to:
http://localhost:3000/routing/dialplan?Caller-Destination-Number=0
Does exactly what I want:
<document type="freeswitch/xml">
<section
2008 May 07
2
Question on authenticity tokens
Does anyone find them useful? I can see them being good in some cases,
but I have many exceptions that occur because of expired sessions. I am
also not sure if they are really required for pages that require a login
to access.
The other place that they cause issues is in javascript requests. I am
not using the built-in helpers, and all the javascript exists in
separate js files. There is ways
2007 Dec 23
3
InvalidAuthenticityToken problems with my login form
I am trying to convert my codeand to use the new Rails 2.0 feature
RequestForgeryProtection
but I get an InvalidAuthenticityToken error, right from the beginning
with my login form..
I followed the recommandations :
in my environment.rb
config.action_controller.session = {
:session_key => ''myappname'',
:secret =>