search for: requestforgeryprotect

Displaying 17 results from an estimated 17 matches for "requestforgeryprotect".

2009 Aug 28
4
InvalidAuthenticityToken
Hi guys What does the below line says ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): -e:2:in `load'' -e:2 Please guide me -- Karthik.k Mobile - +91-9894991640
2008 Jan 03
1
help - updated from 1.2.5 to 1.2.6 and getting undefined method 'session=' for ActionController::base
...9;'a_big_string '' } RAILS_GEM_VERSION = ''1.2.6'' my versions are rails 1.2.6 ruby 1.8.5 (open bsd 4.1) my application.rb controller class ApplicationController < ActionController::Base helper :all # include all helpers, all the time # See ActionController::RequestForgeryProtection for details # Uncomment the :secret if you''re not using the cookie session store protect_from_forgery # :secret => ''3ac52b38782bce94aa5b8b39873f2052'' # Be sure to include AuthenticationSystem in Application Controller instead include AuthenticatedSystem #...
2009 Aug 06
13
Redirect after login
Hi, I''m new to Ruby/RoR so please bare with me! I''m trying to adapt a ruby setup where someone logs in to a bonjour service via a web browser. I have the login screen which asks for host and password. There is only one user per host and i can log in fine. It''s suppose to redirect me to /list in my browser but doesn''t. Once i''ve entered the correct
2007 Dec 23
3
InvalidAuthenticityToken problems with my login form
I am trying to convert my codeand to use the new Rails 2.0 feature RequestForgeryProtection but I get an InvalidAuthenticityToken error, right from the beginning with my login form.. I followed the recommandations : in my environment.rb config.action_controller.session = { :session_key => ''myappname'', :secret => ''6de86b5566d7598f57e7579...
2009 Mar 31
3
Accept POST data from external source?
Ok, this is harder than I thought. I''ve got a hunk of XML coming in from an entirely external source that I do not control (but another department in my company does, so it''s not like a giant security hole). I was hoping to just have them POST their data to me, and then I''d read the raw stream and parse it. I''m sure folks know what I ran into -- Invalid
2008 Nov 05
3
Problems w/ before_filter getting ignored
...in application.rb [/code] [code] class ApplicationController < ActionController::Base before_filter :verify_user, :except => :login before_filter :store_location, :except => :login include Authentication helper :all # include all helpers, all the time # See ActionController::RequestForgeryProtection for details # Uncomment the :secret if you''re not using the cookie session store protect_from_forgery #:secret => ''f2966dd9b280aee941288062544d2aa9'' def index end end [/code] Any ideas how I can make this work? Thanks, Clem -- Posted via http://www.ruby-...
2008 Mar 19
7
Upgrade to 2.0.2: InvalidAuthenticityToken error on 1st POST
All, I''ve upgraded to 2.0.2, and I can''t get my login screen (the first POST request in the application) to work. When I post this form, I see the "InvalidAuthenticityToken" error. I have protect_from_forgery :secret => ''my_secret'' set in application.rb and I am using an active_record session store based on this line in environment.rb:
2008 Mar 16
0
bypassing verify_authenticity_token before_filter when in facebook
...new CSRF protection (built into Rails 2.0) under certain conditions. However, since my project works outside of Facebook I don?t want to disable the CSRF protection from requests made outside of Facebook. Here is a small extension i wrote for the ForgeryProtection module. ActionController::RequestForgeryProtection.module_eval do alias :original_verify_authenticity_token :verify_authenticity_token def verify_authenticity_token(*args) if controller.params.include?(''fb_sig'') && controller.action == ''sekret_method'' # Pretend to call this before_...
2008 Apr 15
4
InvalidAuthenticityToken exception when deleting cookies
Hello, I''ve been testing my project with some manual tests. One of them consists of deleting cookies ("clean personal info" in firefox) just before submit the login form. Then, I get an error. The error message is: ActionController::InvalidAuthenticityToken in SessionsController#create I''m on Rails 2.0.2 with restful_authentication plugin. I''m using
2010 Apr 26
2
woriking under webrick but not under passenger
...users @all_users = User.find(:all) end end ------------------------------------------ class ApplicationController < ActionController::Base before_filter :authorize, :except => :login_page helper :all # include all helpers, all the time protect_from_forgery # See ActionController::RequestForgeryProtection for details def create_default_variables(ctrl_name) session[:ctrl_name] = ctrl_name end # Scrub sensitive parameters from your log # filter_parameter_logging :password private def authorize unless User.find_by_id(session[:user_id]) session[:original_uri] = request.reque...
2013 Mar 24
6
forgery protection for multiple browser tabs
Hi, http://apidock.com/rails/ActionController/RequestForgeryProtection only maintains one CSRF token at a time. When a user visits some site, he gets a new token in the session. He then might open a linked site of the same rails app in a new browser tab (maybe some info he''d like to read), and again he will get a new token. Then he changes to the first...
2008 Apr 09
3
form_tag and form_for cause #protect_from_forgery errors
Hey All, I''m trying to do a simple form_for (and I also get it with form_tag) and I''m getting the following error: ActionView::TemplateError (No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).) on line #2 of users/new.fbml.erb: 1: <h1>Welcome To Courses, Let''s Get
2010 Sep 19
4
Rails 2.3.8 - InvalidAuthenticityToken problem. URGENT!
...ntroller < ActionController::Base include ApplicationHelper # include SimpleCaptcha::ControllerValidation include ExceptionNotifiable helper :all # include all helpers, all the time protect_from_forgery # :secret => ''sdasfagagsa'' # See ActionController::RequestForgeryProtection for details What is the correct configuration for forgery protection to work without screwing up the login process!? Thanks! Rune -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonra...
2008 Sep 19
7
Non-Ruby REST client for Ruby REST server
Hi, I have a Rails 2 app and I wand to provide an API for 3rd party applications written on any language the customer uses. My thoughts are that the best way of providing it is by taking advantage of rails RESTfulness and let them perform CRUD actions on my data through it. But I don''t seem to find many information on how to achieve this. I first want to develop .NET clients (or web
2010 Apr 01
4
POST-only logic in protect_from_forgery considered harmful?
Hi folks, I am just getting into rails again after a multi-year stint of mod_perl jobs, which might grant me some newbie-indemnity for the time being - but I''ve found an issue I think warrants discussion. As discussed here - http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html - the CSRF protection feature does not kick in for GET requests. This is under the assumption that GET requests are idempotent. There is a (big, IMO) problem with this: unless the controller action which receives the POST request manually validates that the request is a POST a...
2010 Apr 02
6
App_Controller and partial issues with has_many through
I have a User model, a Post model, and an Interest model: User has_many posts through interests User has_many interests, dependent destroy Post has_many users through interests has_many interests, dependent destroy Post has_many interests Interest belongs to Post Interest belongs to User Application_Controller is as follows: class ApplicationController < ActionController::Base before_filter
2009 Dec 25
18
rescue_from ActionController::RoutingError II
...n''t rescue_from ActionController::RoutingError work witht he code from http://www.rubyplus.org/episodes/20-Extended-RESTful-Authentication-Rails-2-App.html class ApplicationController < ActionController::Base helper :all # include all helpers, all the time # See ActionController::RequestForgeryProtection for details # Uncomment the :secret if you''re not using the cookie session store protect_from_forgery # :secret => ''34e000fc7cc2daeae150a89535f7f87d'' # Be sure to include AuthenticationSystem in Application Controller # instead include AuthenticatedSyste...