similar to: skip_before_filter :verify_authenticity_token make session data not accessible.

Hi, I just created a new Rails app that will be receiving some POSTed data from the outside so it must skip the verify_authenticity_token for some create actions. Although I have added: skip_before_filter :verifiy_authenticity_token I still get InvalidAuthenticityToken. In one of my other Rails app (created back in Rails 1.2.6 and updated to 2.3.2 over time) this skipping works perfectly though,

I have a before_filter in my applicationController (application.rb) for protecting all pages in my app: before_filter :login_required Then in a product controller i have a skip_filter with the only clause to allow guest users to access that resource. #allow access to show only if guest skip_before_filter :login_required, :only => [ :show ] This worked fine, allowing guest users to view

You will need: skip_before_filter :verify_authenticity_token in your sessions_controller.rb --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to

Hi list, Not sure if this is helpful for anyone but I am working on a Facebook project where I need bypass the new CSRF protection (built into Rails 2.0) under certain conditions. However, since my project works outside of Facebook I don?t want to disable the CSRF protection from requests made outside of Facebook. Here is a small extension i wrote for the ForgeryProtection module.

I have a form that submits search criteria and while it is processing I wanted to use a js function to indicate: <% form_remote_tag :update => ''mainbody'', :url => {:action => ''search''}, :before => "wait_message(''mainbody'',''S E A R C H I N G'')" do%> wait_message() executes but then when

Hi! To send the authenticity token from flex back to the server, I followed this: http://blog.dt.org/index.php/2008/06/rails-2-flex-3-and-form-authenticity-tokens/ I have two controllers in my rails app. The method described in the link above works with the actions in one controller, but does not work with the other. The controller which does not work has just one action which performs a file

If a user that has not yet signed up for Facebook attempts to visit an application page facebook presents them with a registration form. After this form is completed, the application is automatically added to the user''s account and Facebook displays the following message: Welcome George Tesster! Your account has been created. [application] has been added to your account. Facebook also

There seems to be a bug with skip_before_filter using the :only or :except conditionals. Or am I using them completely wrong? I have this code: The result is that :test_filter is skipped for both index, and index_no_filter. application.rb # Filters added to this controller will be run for all controllers in the application. # Likewise, all the methods added will be available for all

Hi All - I have a form_for that I''m trying to convert to remote_form_for, and I keep get this error: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): /usr/lib/ruby/gems/1.8/gems/actionpack-2.2.2/lib/action_controller/request_forgery_protection.rb:86:in `verify_authenticity_token''

I am trying to write a REST web service testing locally is fine but whane I deploy the server and try test it via curl curl -i -X POST -H ''Content-Type:application/xml'' -d '''' http://mytesteddomain.tld/user/posts/createReference.xml I get an error : ERROR TYPE: ActionController::InvalidAuthenticityToken ERROR MESSAGE:

Hi all, In my application, I want seamless degradability so I use request.xhr? to check whether a request is an ajax call. However here and there, I need to use redirect_to - in this case the request is not xhr anymore, and the check doesn''t work as expected. Is there a way to make xhr- like redirect (which allow to get to another controller+action)? Thanks, - Chuong

Hi, I was trying to write a RESTful service and was planning on testing via tools such as cURL and the basic http libs. With the InvalidAuthenticityToken piece that is turned by default in Rails 2.0.2, I have to provide the token with each request. This is something of a pain for a programmable client that may not make a GET request before performing other actions, specifically POST, PUT and

Hi, I just installed Rails 2.0.2 [root@mymachine easyx]# ruby --version ruby 1.8.6 (2007-03-13 patchlevel 0) [i686-linux] [root@mymachine easyrx]# gem install rails --include-dependencies Need to update 16 gems from http://gems.rubyforge.org ................ complete Successfully installed rails-2.0.2 [root@remandev easyrx]# But I''m getting this error in my restful_authentication

Hello All, I am getting a problem while login for inactive users. While login I am getting - Processing by Devise::SessionsController#new as HTML User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = 2 LIMIT 1 Redirected to http://localhost:3000/ Filter chain halted as :require_no_authentication rendered or redirected. Inactive users

Hello i have some trouble getting my webservice to run . I have the following webservice : class DirectSpoolAPI < ActionWebService::API::Base api_method :add, :expects => [{:html=>:string},{:from=>:string}], :returns => [Customer] end class DirectSpoolService < ActionWebService::Base web_service_api DirectSpoolAPI def add(html,from) Customer.find(:first) end

Hello, I have been working through two books, "Agile Web Development with Rails, 2nd Ed." and "Ajax on Rails". I''m using Rails2.0. In both cases, I run into an authentication error when doing the examples. In AWDwR, when trying to add new information to the database (p. 68) I get ActionController::InvalidAuthenticityToken in AdminController#create

Hi all, I''ve been using a plugin called swf_fu which seemed fairly easy to implement for adding flash content to my rails app. However, I''m trying to pass a variable to my flash through rails and have the flash content pick it up. The variable is already retrieved in an earlier call to the database so I don''t believe it''s any type of authentication string

I am developing the rails with the flex.. I am following the tutorial FLEXIBLE RAILS - PETER ARMSTRONG . I followed the commands as specified in the tutorial.. my rails version is 1.2.3 and the ruby 1.8.6 I created the restful authentication and i specified the authentication.. ruby script\generate authenticated user sessions ...output omitted... I specified everything.. It worked fine upto 500

Hi there, I have my first Rails app running and I regularly get the following "logged_exception" error message: "ActionController::InvalidAuthenticityToken" Has anybody an idea what might cause this problem? Could it somehow be a "time out" error (like an "AuthenticityToken" which might expire after a certain time, or something along those lines)? Any

I have been scratching my head on this one for most of the day. Hopefully someone can help explain why before_filter isn''t working for my codes. In my Application controller, I have this: before_filter :login_required, :except => [:newacct, :create_newacct, :passwd_reset ] def login_required unless session[:user_id] flash[:notice] = "Please log in"