similar to: exception_logger and protect_from_forgery

I am starting to BDD. When specing the controller I want to test for object creation: it "deberia crear una nueva persona en post create" do Usuario.should_receive(:create).with({:nombre => "camilo", :clave => "secreta", :tipo => "administrador"}).and_return(@usuario) post ''create'', {:usuario => {:nombre =>

After switching to active_record_store to host sessions, I now get the following errors: ActionController::InvalidAuthenticityToken in Pages#edit Showing app/views/pages/edit.html.erb where line #5 raised: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). Extracted source (around line #5): 2: 3:

Hey All, I''m trying to do a simple form_for (and I also get it with form_tag) and I''m getting the following error: ActionView::TemplateError (No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).) on line #2 of users/new.fbml.erb: 1: <h1>Welcome To Courses, Let''s Get

What I want to do is share the same session across many Rails applications. All of them are using Rails 2.2.2. I know that, to share the session, it''s (supposedly) just a matter of sharing the same key and secret among the apps, like this: config.action_controller.session = { :session_key => ''_apps_session'', :secret =>

Maybe I am grasping the full usage of this protect_from_forgery function, but it does not seem to work for me. Imagine the following: A simple website with a user that needs to log in to do certain stuff and a closed off admin section that only certain users can access that have the is_admin field set to true. So to be clear, my User model has a login, password and is_admin. When displaying the

I try to use db-session with protect_from_forgery. But I always get a error msg: ActionController::InvalidAuthenticityToken. application_controller.rb protect_from_forgery #:secret => ''top_secret'' session_store.rb ActionController::Base.session_store = :active_record_store hope you can help me. Best regards -- Posted via http://www.ruby-forum.com/.

I''ve almost entirely converted a rails 2.3.5 app to 3pre. I''m having some trouble with protect_from_forgery. I had protect_from_forgery set in application_controller.rb, but run some uploadify ajax stuff in one of my controllers, where I had protect_from_forgery, :except => :add_file set. In rails 3 I''m getting ActionController::InvalidAuthenticityToken on the ajax

i start the server but it exits right away, I ran the rake to update and changed the version string in config.rb. Any thoughts on this matter would be appreciated. i imagine that it has something to do with the session, but i am not able to figure it out. my config/config.rb has the following config.action_controller.session = { :session_key => ''c3_rails_session'',

All, I''ve upgraded to 2.0.2, and I can''t get my login screen (the first POST request in the application) to work. When I post this form, I see the "InvalidAuthenticityToken" error. I have protect_from_forgery :secret => ''my_secret'' set in application.rb and I am using an active_record session store based on this line in environment.rb:

Just would like to verify: Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from Rick Olson? Thanks, Wes -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

I am a newbie to Rails, coming from a PHP shop, so please excuse my ignorance. I have to applications. A Codeigniter PHP app and a Rails 3.0 app. The rails app makes paypal api calls and the php app makes curl post calls to the rails app with information from a shopping cart. How can I make this work with protect_from_forgery? I basically want to pass my own auth token from the php app (or any

It appears that the errors, which i said were related to rails 2.0.2 were in fact caused by the session marshaling that occurs between rails and facebook. Because the cookie was being modified by facebook Rails saw it as an invalid session. Here is how I got around this problem. 1. Deleted all my cookies related to my application 2. Changed my session store to an ActiveRecord session store

Hello, I''m setting up an authentication module that will be called from application.rb. I want to save a rrequest.request_uri into a session to be used as a place holder that will take users back to the page they were on before they logged in. I''m trying to call the store_location method for all methods EXCEPT login by putting login in an except before filter. For some

I am sure this is doable but I can''t find a specific example and my brain is frazzled. Basically, I am doing a whole load of in-place editing and need methods to support the updates. Here is what I am doing now: def set_blog_website faq = Faq.find(params[:id]) faq.blog_website = params[:value] faq.save! @faq = faq do_ret end Surely there is a generic way I can

I am trying to convert my codeand to use the new Rails 2.0 feature RequestForgeryProtection but I get an InvalidAuthenticityToken error, right from the beginning with my login form.. I followed the recommandations : in my environment.rb config.action_controller.session = { :session_key => ''myappname'', :secret =>

Here is the following from my console: >> Time.now => Mon Sep 22 11:33:34 +0200 2008 >> Time.now.utc_offset => 7200 >> TimeZone[Time.now.utc_offset] => #<TimeZone:0x11aea90 @tzinfo=nil, @utc_offset=7200, @name="Athens"> >> Time.now.in_time_zone(TimeZone[Time.now.utc_offset]) => Mon, 22 Sep 2008 12:34:22 EEST +03:00 (I am in Spain - CET - and

Hi folks, I am just getting into rails again after a multi-year stint of mod_perl jobs, which might grant me some newbie-indemnity for the time being - but I''ve found an issue I think warrants discussion. As discussed here - http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html - the CSRF protection feature does not kick in for GET requests. This

I used to have Simple Captcha installed, but since I removed it I got all kinds of problems with login. Processing UsersController#login (for 188.177.122.179 at 2010-09-19 12:21:09) [POST] Parameters: {"commit"=>"OK", "authenticity_token"=>"/ Y0aZETCsMhyI3CkrZJK6O2NaLEoi+LRe8ZuDPWU9kc=",

After installing the plugin like this: ./script/plugin install -x http://svn.techno-weenie.net/projects/plugins/exception_logger/ I get this error when accessing the source repositories: svn: PROPFIND request failed on ''/projects/plugins/exception_logger/ init.rb'' svn: PROPFIND of ''/projects/plugins/exception_logger/init.rb'': Could not resolve hostname

Should this be working in development mode? For some reason it doesn''t. regards, John