Displaying 20 results from an estimated 2000 matches similar to: "disabling forgery protection"
2009 Jun 09
3
protect_from_forgery doesn't protect from forgery
Maybe I am grasping the full usage of this protect_from_forgery
function, but it does not seem to work for me. Imagine the following:
A simple website with a user that needs to log in to do certain stuff
and a closed off admin section that only certain users can access that
have the is_admin field set to true.
So to be clear, my User model has a login, password and is_admin.
When displaying the
2010 Jul 08
2
rspec-rails how to selectively turn on csrf protection for controller specs?
I'm setting up a Paypal IPN listener and need the create action to not
use rails' default CSRF protection.
I've got that working fine & test it actually works with cucumber
(where I've turned CSRF back on, since it's full-stack testing) but
would like my controller spec to mention the need for
protect_from_forgery :except => [:create] (and fail
2009 May 05
3
Unable to deactivate forgery protection
Hi,
I just created a new Rails app that will be receiving some POSTed data
from the outside so it must skip the verify_authenticity_token for some
create actions. Although I have added:
skip_before_filter :verifiy_authenticity_token
I still get InvalidAuthenticityToken. In one of my other Rails app
(created back in Rails 1.2.6 and updated to 2.3.2 over time) this
skipping works perfectly though,
2010 Jul 19
0
Protect from forgery for Rest destroy action ???
Hi !!
I'm reading the rails guides about security, I had a question about the
forgery protection
If we consider a standard Restful resource ( generated with scaffold for
example ), the update and create actions are protected from forgery
attacks thanks to the authenticity token, but what about the destroy
method ??
<a href="/posts/2"
2007 Oct 12
7
webrick 500 error
Hi,
This is my second question on the poor performance of webrick
(previously I had a problem with Ajax).
I have a somewhat simple Rails application which works just fine, but
when I come back to work the next day, the server responds with error
500. It looks like if it is running more than 12 hours, it'll crap-out.
I don't use CVS (which I read on the web it is a common cause
2013 Mar 24
6
forgery protection for multiple browser tabs
Hi,
http://apidock.com/rails/ActionController/RequestForgeryProtection only
maintains one CSRF token at a time. When a user visits some site, he gets a
new token in the session. He then might open a linked site of the same
rails app in a new browser tab (maybe some info he'd like to read), and
again he will get a new token. Then he changes to the first tab again and
submits a form
2008 Aug 21
4
forgery Protection
Has anybody solved this issue. [
http://rubyforge.org/pipermail/facebooker-talk/2008-April/000552.html ] ?
NameError (undefined local variable or method `controller' for
#<LeaveController:0xb7144abc>):
/app/controllers/application.rb:24:in `verify_authenticity_token'
2010 Sep 04
0
CSRF protection not working with jquery ajax post request
Hallo,
I want to test the csrf protection of my application but forgery
protection is not working with jquery ajax request.
I have used Unobtrusive Javascript with jquery
I have removed the
<%= csrf_meta_tag %>
so that my application does not include authenticity token.
In my view I have the following code
$(function () {
$('#alert').click(function () {
$.ajax({
2008 Mar 15
3
[HELP]No :secret given to the #protect_from_forgery call
I am starting to BDD. When specing the controller I want to test for
object creation:
it "deberia crear una nueva persona en post create" do
Usuario.should_receive(:create).with({:nombre => "camilo", :clave
=> "secreta", :tipo => "administrador"}).and_return(@usuario)
post 'create', {:usuario => {:nombre =>
2007 Nov 04
3
can't configure mongrel_cluster to start on boot
Hi everyone,
I've been working with Mongrel, Mongrel_cluster and Apache and it is great.
However, I can't get mongrel_cluster to start at boot time. I followed the
instructions from http://mongrel.rubyforge.org/docs/mongrel_cluster.html (On
Boot Initialization Setup) and mongrel_cluster does not start after
rebooting the machine.
I made sure that the shebang line is correct and
2007 Jun 25
3
one more "uninitialized constant" problem
Hi everyone,
I'm new to backgroundrb, and I'm trying to get started with a simple example, yet with no success.
This is the code that I have in RAILS_ROOT/lib/workers/testing_worker.rb
class TestingWorker < BackgrounDRb::Worker::RailsBase
def do_work(args)
# This method is called in its own new thread when you
# call new worker. args is set
2007 Aug 09
2
RoR and DRb
Hi,
I have a question regarding RoR and DRb. First of all, I tested with
simple client/server examples and everything worked as expected. I have
the following lines in my environment.rb:
DRb.start_service
$rem_obj = DRbObject.new(nil, "druby://#{rname}:9001")
Since rem_obj is a global variable, I can call it from any controller
and the invoked procedure is run on the server.
However,
2008 Mar 19
7
Upgrade to 2.0.2: InvalidAuthenticityToken error on 1st POST
All,
I've upgraded to 2.0.2, and I can't get my login screen (the first POST
request in the application) to work.
When I post this form, I see the "InvalidAuthenticityToken" error.
I have
protect_from_forgery :secret => 'my_secret'
set in application.rb
and I am using an active_record session store based on this line in
environment.rb:
2008 Jun 19
6
Premature end of script headers; dispatch.cgi - ok
Hi,
I'm getting the dreaded "Premature end of script headers:
dispatch.cgi" message on my production server. Before I list all the
things that I tried, let me mention that I already have a Rails app
working on this server (installed by somebody else).
First app is accessible at: http://mydomain.com/cwps and it all works.
Second app is accessible at: http://mydomain.com/robo
2008 Mar 25
7
Facebooker::Session::SessionExpired (Session key invalid or no longer valid)
Hi All,
I'm having horrible problems with this exception, which seems to happen as
soon as I access the session object. Does anyone know what the path is to
recover from this? This post looked to be the most promising:
http://rubyforge.org/pipermail/facebooker-talk/2007-December/000047.html
And I followed all of the steps except switching my session store, and
modifying the default
2011 Feb 11
11
CSRF protection in rails 2.3.11
Hi all,
I think CSRF protection broke in rails 2.3.11.
As in: it's turned off now.
I tried this in rails 2.3.10 and in 2.3.11 and 2.3.11 seems broken.
>rails csrftest
>cd csrftest
>script/generate scaffold post title:string
>rake db:migrate
now I visit /posts/new in my browser, use firebug to delete or change
the authenticity token, and submit the form.
rails 2.3.11: all
2008 Apr 18
2
synchronize mongrel cluster
Hi everyone,
I would like to know if there's a way to synchronize the actions in a
mongrel cluster. Basically, how do I make sure that a specific
controller action gets executed by only one mongrel server at one
time?
I obviously cannot use Mutex::synchronize, because we're talking about
different processes. I looked into using optimistic and pessimistic
locking. I
2006 May 17
0
class filter: cannot call protected controller methods
Greetings all,
I'm rewriting a filter from the method form to a class filter.(see
below)
Problem: some controller - redirect_to - and route - *_url - methods are
protected (redirect_to, f.ex.), and cannot be called.
Is this intended?
Is there a solution workaround?
TIA
Alain
BEFORE:
-----------
before_filter :login_required, :except => [:welcome,:login]
def
2008 Apr 09
3
form_tag and form_for cause #protect_from_forgery errors
Hey All,
I'm trying to do a simple form_for (and I also get it with form_tag)
and I'm getting the following error:
ActionView::TemplateError (No :secret given to the
#protect_from_forgery call. Set that or use a session store capable
of generating its own keys (Cookie Session Store).) on line #2 of
users/new.fbml.erb:
1: <h1>Welcome To Courses, Let's Get
2008 Aug 25
1
Catch forgery errors
Hi all,
I am using ajax for some requests but when the user session expires, I get
an ActionController::InvalidAuthenticityToken error.
Do you know how I could trap this error and redirect to the login panel
?