Displaying 20 results from an estimated 700 matches similar to: "active_record_store sessions does not pass a :secret to #protect_from_forgery in Rails 2.0.0 Preview"
2008 Apr 09
3
form_tag and form_for cause #protect_from_forgery errors
Hey All,
I''m trying to do a simple form_for (and I also get it with form_tag)
and I''m getting the following error:
ActionView::TemplateError (No :secret given to the
#protect_from_forgery call. Set that or use a session store capable
of generating its own keys (Cookie Session Store).) on line #2 of
users/new.fbml.erb:
1: <h1>Welcome To Courses, Let''s Get
2009 Jun 22
2
protect_from_forgery with db-session (Rails 2.3.2)
I try to use db-session with protect_from_forgery.
But I always get a error msg:
ActionController::InvalidAuthenticityToken.
application_controller.rb
protect_from_forgery #:secret => ''top_secret''
session_store.rb
ActionController::Base.session_store = :active_record_store
hope you can help me.
Best regards
--
Posted via http://www.ruby-forum.com/.
2009 Sep 28
2
Error with flash and form_authenticity_token in new rails application with scaffolding
Hi All,
I get this strange problem with newly scaffolded apps - I''d really
appreciate any help in this regard.
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-2.3.4/lib/
active_support/message_verifier.rb:46:in `block in secure_compare''
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-2.3.4/lib/
active_support/message_verifier.rb:45:in `each''
2009 Oct 13
1
config.action_controller.session[:secret] vs protect_from_forgery :secret
What I want to do is share the same session across many Rails applications.
All of them are using Rails 2.2.2. I know that, to share the session, it''s
(supposedly) just a matter of sharing the same key and secret among the
apps, like this:
config.action_controller.session = {
:session_key => ''_apps_session'',
:secret =>
2008 Mar 15
3
[HELP]No :secret given to the #protect_from_forgery call
I am starting to BDD. When specing the controller I want to test for
object creation:
it "deberia crear una nueva persona en post create" do
Usuario.should_receive(:create).with({:nombre => "camilo", :clave
=> "secreta", :tipo => "administrador"}).and_return(@usuario)
post ''create'', {:usuario => {:nombre =>
2014 May 03
0
Putting form_authenticity_token (csrf token) in a cookie instead of in meta tags?
When you generate a default Rails app, it puts this in
application.html.erb:
<%= csrf_meta_tags %>
It does this so the remote forms can be submitted--i.e., so JavaScript can
submit a form. When jquery-rails is about to submit a form, it looks for
the <meta> tags named "csrf-param" and "csrf-token" and from them it
constructs a hidden
2010 Jul 07
1
what is a session stored via the active_record_store option unique to?
Hi,
After a bunch of snooping in AWDWR and Railsguides I can''t reach a
good understanding to the following question: What is a session stored
via the active_record_store option unique to? In other words, how does
rails bind the user to their session under the active_record_store
option?
This concern has arisen in the following way...
...I have two use levels in my app: 1) authenticated
2009 Jun 19
1
config.action_controller.session_store = :active_record_store
Hi All,
I am new to Rails and learning rails reading ebook ''Agile web
development using rails''. I am doing samples given in this book
chapter by chapter.
but I stuck when I come to Sessions chapter, they have given that to
enable session to be Database based the line
config.action_controller.session_store = :active_record_store is to be
uncommented from config/environment.rb
2010 Sep 21
0
Upload form with uploadify jquery plugin
I would like to integrate the uploadify plugin with a standard rails
form. However I can''t figure out how to add a new field and have it get
submitted with the file upload. I added a name field into the form, but
the valued does not get submitted.
<%
dialog_file_description = ''Photos''
allowed_extensions = [:jpg, :jpeg, :gif, :png]
max_size = 20.megabyte
2010 Nov 29
3
session active_record_store
Hi,
There doesn''t seem to be any previous posts about this problem, I must
be
setting things up wrongly at very basics...
Firstly, the problem... I can''t get session[] to persist with
active_record_store. I enabled (config.action_controller.session_store =
:active_record_store) in environment.rb and created the sessions table
at my MySQL database. When I do a session[:blah] =
2008 Dec 25
2
Switching to active_record_store session management errors out
Hello,
Running Ruby 1.8.6 and Rails 2.2.2 against an Oracle XE database
(sigh).
I just upgraded Rails from 1.2.3 to 2.2.2, which made my cookie based
system for storing session information to error out due to the 4Kb
limit. So, I tried to turn on the active_record_store system by un-
commenting out the "config.action_controller.session_store
= :active_record_store" line in
2008 Sep 06
4
Is Rails 2.1 "protect_from_forgery" == csrf_killer plugin?
Just would like to verify:
Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from
Rick Olson?
Thanks,
Wes
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to
2008 Sep 23
0
exception_logger and protect_from_forgery
I am having a problem using the exception_logger plugin when I have
protect_from_forgery enabled.
Here is the line from application.rb:
protect_from_forgery :secret => ''xxxx''
But I am getting:
No :secret given to the #protect_from_forgery call. Set that or use a
session store capable of generating its own keys (Cookie Session
Store).
Now, if I remove the secret and try and
2009 Oct 09
1
protect_from_forgery development mode
Should this be working in development mode?
For some reason it doesn''t.
regards, John
2010 Sep 10
0
protect_from_forgery
I am a newbie to Rails, coming from a PHP shop, so please excuse my
ignorance.
I have to applications. A Codeigniter PHP app and a Rails 3.0 app. The
rails app makes paypal api calls and the php app makes curl post calls
to the rails app with information from a shopping cart.
How can I make this work with protect_from_forgery? I basically want to
pass my own auth token from the php app (or any
2009 Jun 09
3
protect_from_forgery doesnt protect from forgery
Maybe I am grasping the full usage of this protect_from_forgery
function, but it does not seem to work for me. Imagine the following:
A simple website with a user that needs to log in to do certain stuff
and a closed off admin section that only certain users can access that
have the is_admin field set to true.
So to be clear, my User model has a login, password and is_admin.
When displaying the
2010 Feb 09
4
Rails3 pre and protect_from_forgery
I''ve almost entirely converted a rails 2.3.5 app to 3pre. I''m having
some trouble with protect_from_forgery. I had protect_from_forgery set
in application_controller.rb, but run some uploadify ajax stuff in one
of my controllers, where I had protect_from_forgery, :except
=> :add_file set.
In rails 3 I''m getting ActionController::InvalidAuthenticityToken on
the ajax
2008 Jan 08
3
Unbreak ActiveRecordHelper::form() when protect_from_forgery is used
Can I get some +1s for this tiny patch? It fixes
ActiveRecordHelper::form, which is broken by default in new
applications created with Rails 2.0.
http://dev.rubyonrails.org/ticket/10739
Jeremy
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To post to this group, send email to
2010 Apr 01
4
POST-only logic in protect_from_forgery considered harmful?
Hi folks,
I am just getting into rails again after a multi-year stint of
mod_perl jobs, which might grant me some newbie-indemnity for the time
being - but I''ve found an issue I think warrants discussion.
As discussed here - http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html
- the CSRF protection feature does not kick in for GET requests. This
2010 Oct 15
2
how to list all sessions?
I have created ActiveRecord session store in a rails 3 project:
> rake db:sessions:create
> rake db:migrate
then
Myapp::Application.config.session_store :active_record_store, :key =>
''_myapp_session''
in initializers/session_store.rb and it all works.
Now the question: how do I list ALL active sessions?
--
You received this message because you are subscribed to the