similar to: InvalidAuthenticityToken exception when deleting cookies

Displaying 20 results from an estimated 600 matches similar to: "InvalidAuthenticityToken exception when deleting cookies"

2008 Jan 16
4
ActionController::InvalidAuthenticityToken in LoginController
Hi, I''m having a problem trying to get a login controller working. When I try and post to my login controller I get the following error: ActionController::InvalidAuthenticityToken in LoginController#login login_controller: class LoginController < ApplicationController def login case request.method when :post if @session[''user''] =
2010 Feb 22
10
Error: "ActionController::InvalidAuthenticityToken"
Hi there, I have my first Rails app running and I regularly get the following "logged_exception" error message: "ActionController::InvalidAuthenticityToken" Has anybody an idea what might cause this problem? Could it somehow be a "time out" error (like an "AuthenticityToken" which might expire after a certain time, or something along those lines)? Any
2007 Dec 23
3
InvalidAuthenticityToken problems with my login form
I am trying to convert my codeand to use the new Rails 2.0 feature RequestForgeryProtection but I get an InvalidAuthenticityToken error, right from the beginning with my login form.. I followed the recommandations : in my environment.rb config.action_controller.session = { :session_key => ''myappname'', :secret =>
2008 Mar 19
7
Upgrade to 2.0.2: InvalidAuthenticityToken error on 1st POST
All, I''ve upgraded to 2.0.2, and I can''t get my login screen (the first POST request in the application) to work. When I post this form, I see the "InvalidAuthenticityToken" error. I have protect_from_forgery :secret => ''my_secret'' set in application.rb and I am using an active_record session store based on this line in environment.rb:
2011 Feb 11
11
CSRF protection in rails 2.3.11
Hi all, I think CSFR protection broke in rails 2.3.11. As in: it''s turned off now. I tried this in rails 2.3.10 and in 2.3.11 and 2.3.11 seems broken. >rails csrftest >cd csrftest >script/generate scaffold post title:string >rake db:migrate now I visit /posts/new in my browser, use firebug to delete or change the authenticity token, and submit the form. rails 2.3.11: all
2009 Sep 01
0
Lots of InvalidAuthenticityToken errors - what's causing it?
So I''ve had this application online for about 4 months now, and ever since launch, I get random e-mails from ExceptionNotification about authenticity token errors. In and of itself, that''s cool, but I''m disturbed by the number I''ve received. Basic setup: Rails 2.2.2 Passenger 2.2.2 Apache 2 Long story short, I''ve gone through lots of output from
2013 Mar 24
6
forgery protection for multiple browser tabs
Hi, http://apidock.com/rails/ActionController/RequestForgeryProtection only maintains one CSRF token at a time. When a user visits some site, he gets a new token in the session. He then might open a linked site of the same rails app in a new browser tab (maybe some info he''d like to read), and again he will get a new token. Then he changes to the first tab again and submits a form
2013 Jan 22
2
Rails 4: Should a HEAD request not be handled like a GET for CSRF protection?
I am running a Rails 4 app in semi-production and I constantly get exceptions from crawler bots that use a HEAD HTTP method, which causes the CSRF protection to kick in. Shouldn''t HEAD requests normally be handled like GET requests? I am not sure if I''m just being stupid or that hit is a bug somewhere. Michiel -- You received this message because you are subscribed to the
2010 Jul 08
2
rspec-rails how to selectively turn on csrf protection for controller specs?
I''m setting up a Paypal IPN listener and need the create action to not use rails'' default CSRF protection. I''ve got that working fine & test it actually works with cucumber (where I''ve turned CSRF back on, since it''s full-stack testing) but would like my controller spec to mention the need for protect_from_forgery :except => [:create] (and fail
2013 Jan 09
4
CSRF resets my session in Firefox
Hello all, I''ve been trying to diagnose an issue with CSRF and Firefox specifically. I''ve got an ajax based form, using UJS (yes, I have csrf_meta_tag in my layout and I''ve tried adding the X-CSRF-Token header to the ajax beforeSend events without any luck)... The form just posts some data to an ajax method that creates, saves, and sets the session for a shopper as
2009 Jun 04
4
ActionController::InvalidAuthenticityToken & :before
I have a form that submits search criteria and while it is processing I wanted to use a js function to indicate: <% form_remote_tag :update => ''mainbody'', :url => {:action => ''search''}, :before => "wait_message(''mainbody'',''S E A R C H I N G'')" do%> wait_message() executes but then when
2010 Aug 19
0
Rails - Devise - Warden and InvalidAuthenticityToken
Hi I''ve just uploaded my new website to my server and, after a couple of teething problems, seem to be hitting problems when I am using devise and warden to authenticate users etc. The following is the error message with sensitive information removed: Processing RegistrationsController#create (for 81.111.90.194 at 2010-08-19 21:35:43) [POST] Parameters:
2008 Sep 08
0
InvalidAuthenticityToken when user adds application through facebook registration
If a user that has not yet signed up for Facebook attempts to visit an application page facebook presents them with a registration form. After this form is completed, the application is automatically added to the user''s account and Facebook displays the following message: Welcome George Tesster! Your account has been created. [application] has been added to your account. Facebook also
2008 Jan 16
0
REST Web Service ActionController::InvalidAuthenticityToken
I am trying to write a REST web service testing locally is fine but whane I deploy the server and try test it via curl curl -i -X POST -H ''Content-Type:application/xml'' -d '''' http://mytesteddomain.tld/user/posts/createReference.xml I get an error : ERROR TYPE: ActionController::InvalidAuthenticityToken ERROR MESSAGE:
2009 Apr 13
1
How to handle InvalidAuthenticityToken
Scenario: 1. Log in a user. 2. Go to a page with a form. 3. Open a new tab and log out the user. 4. Go back to previous tab and submit form. 5. It throws InvalidAuthenticityToken before getting to my login code. I need to redirect the user to a log in screen. What''s the best way to capture this and handle this? --~--~---------~--~----~------------~-------~--~----~ You received this
2008 May 22
2
Getting InvalidAuthenticityToken errors quite often
How often is the authenticity token updated? The latest error that I got was a submittal of a form, an model validation occured, I click back, make the correction, resubmit the form, then I get an InvalidAuthenticityToken error. Somewhat off topic If a person is using the authenticity tokens is there still a need to use some sort of captcha? Thanks -- Posted via http://www.ruby-forum.com/.
2007 Oct 23
6
Auto complete plugin and CSRF protection-- do you care?
Hi, I just noticed that the auto_complete plugin does not work with the CSRF protection in Rails 2.0. I''ve patched the plugin, but I''m wondering if people would like to see the official plugin fixed. If so, speak up and I will write some tests and submit the patch. Krishna --~--~---------~--~----~------------~-------~--~----~ You received this message because you are
2009 Oct 17
3
Security problems with CookieStore and CSRF protection
Dear Rails community, As part of a programming languages/security research group at the University of Maryland, we are building some static analysis tools for Rails applications. These tools work by taking formally specified properties of interest, and then analyzing code to verify that those properties indeed hold. Using these tools, we found some security vulnerabilities in Rails, and we would
2008 Mar 22
3
ActionController::InvalidAuthenticityToken not thrown in Windows
Hi all, I''m getting some weird behavior. I''m developing on two machines, one with os x and the other with windows xp. I was testing one of my registration forms and it worked fine when mongrel_rails was run on the windows machine, but when mongrel was run on os x it kept throwing "ActionController::InvalidAuthenticityToken". I realized I had forgotten the <%=
2008 Jul 29
0
Re: InvalidAuthenticityToken with Lightview
On 29 Jul 2008, at 01:00, Elliot Chyba wrote: > I''m integrating Lightview, > http://www.nickstakenburg.com/projects/lightview/, into an > application. > It''s more or less a content overlay similar to a light box, which then > calls the content either through an IFRAME or Ajax request. The IFRAME > works fine but for obvious reasons, I''d prefer to use