similar to: Unable to deactivate forgery protection

Has anybody solved this issue. [ http://rubyforge.org/pipermail/facebooker-talk/2008-April/000552.html ] ? NameError (undefined local variable or method `controller'' for #<LeaveController:0xb7144abc>): /app/controllers/application.rb:24:in `verify_authenticity_token''

I have a form that submits search criteria and while it is processing I wanted to use a js function to indicate: <% form_remote_tag :update => ''mainbody'', :url => {:action => ''search''}, :before => "wait_message(''mainbody'',''S E A R C H I N G'')" do%> wait_message() executes but then when

Hi all, I''m stucked in following situation: I implemented image upload feature using swfupload. The submission from swfupload cause exception ActionController::InvalidAuthenticityToken (rails 2.2) - understandable because swfupload doesn''t send valid token. I try to temporarily turn off the checking in the controller by using "skip_before_filter

Hello All, I am getting a problem while login for inactive users. While login I am getting - Processing by Devise::SessionsController#new as HTML User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = 2 LIMIT 1 Redirected to http://localhost:3000/ Filter chain halted as :require_no_authentication rendered or redirected. Inactive users

You will need: skip_before_filter :verify_authenticity_token in your sessions_controller.rb --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to

Hi! To send the authenticity token from flex back to the server, I followed this: http://blog.dt.org/index.php/2008/06/rails-2-flex-3-and-form-authenticity-tokens/ I have two controllers in my rails app. The method described in the link above works with the actions in one controller, but does not work with the other. The controller which does not work has just one action which performs a file

Hi, I was trying to write a RESTful service and was planning on testing via tools such as cURL and the basic http libs. With the InvalidAuthenticityToken piece that is turned by default in Rails 2.0.2, I have to provide the token with each request. This is something of a pain for a programmable client that may not make a GET request before performing other actions, specifically POST, PUT and

Hi there, I have my first Rails app running and I regularly get the following "logged_exception" error message: "ActionController::InvalidAuthenticityToken" Has anybody an idea what might cause this problem? Could it somehow be a "time out" error (like an "AuthenticityToken" which might expire after a certain time, or something along those lines)? Any

I have the following in my view: <% form_tag :action => ''detail'' do %> Search for Sales Order Number:<br /> <%= text_field_with_auto_complete :sales_order, :id %>&nbsp; <%= submit_tag " Go "%> <% end %> And I have the following in my controller: auto_complete_for :sales_order, :id This worked fine in 1.5, but

I''m setting up a Paypal IPN listener and need the create action to not use rails'' default CSRF protection. I''ve got that working fine & test it actually works with cucumber (where I''ve turned CSRF back on, since it''s full-stack testing) but would like my controller spec to mention the need for protect_from_forgery :except => [:create] (and fail

Hello, I have been working through two books, "Agile Web Development with Rails, 2nd Ed." and "Ajax on Rails". I''m using Rails2.0. In both cases, I run into an authentication error when doing the examples. In AWDwR, when trying to add new information to the database (p. 68) I get ActionController::InvalidAuthenticityToken in AdminController#create

Hi all, I think CSFR protection broke in rails 2.3.11. As in: it''s turned off now. I tried this in rails 2.3.10 and in 2.3.11 and 2.3.11 seems broken. >rails csrftest >cd csrftest >script/generate scaffold post title:string >rake db:migrate now I visit /posts/new in my browser, use firebug to delete or change the authenticity token, and submit the form. rails 2.3.11: all

Hi, http://apidock.com/rails/ActionController/RequestForgeryProtection only maintains one CSRF token at a time. When a user visits some site, he gets a new token in the session. He then might open a linked site of the same rails app in a new browser tab (maybe some info he''d like to read), and again he will get a new token. Then he changes to the first tab again and submits a form

Ruby noob here. Just installed Rails 2.0, and am having trouble with updating DB tables, using the ApplicationController. My ApplicationController file looks like: class StoryController < ApplicationController protect_from_forgery :only => [:create, :update, :destroy] scaffold :story #def index #@current_time = Time.now #@story =

Hi all, I''ve been using a plugin called swf_fu which seemed fairly easy to implement for adding flash content to my rails app. However, I''m trying to pass a variable to my flash through rails and have the flash content pick it up. The variable is already retrieved in an earlier call to the database so I don''t believe it''s any type of authentication string

Hi, I have a Rails 2 app and I wand to provide an API for 3rd party applications written on any language the customer uses. My thoughts are that the best way of providing it is by taking advantage of rails RESTfulness and let them perform CRUD actions on my data through it. But I don''t seem to find many information on how to achieve this. I first want to develop .NET clients (or web

Hi, I have to enable batch uploads to my website with CURL and forgery protection in ApplicationController is standing in my way. I do use the restful authentication plugin and I do call login_required on all actions. Should I keep forgery protection around? Forgery protection only makes sure that the client request has originated from client''s session, right? Is there anything else

I am using the the authorization recipe outlined in Rails Recipes.Is it possible for one role, say ''admin'', to have access to every action on every controller without explicitly having to create a Right for each? I know this will not work as is, and to force it to do so would violate MVC, but is there some other way to accomplish having something like this in a controller:

If a user that has not yet signed up for Facebook attempts to visit an application page facebook presents them with a registration form. After this form is completed, the application is automatically added to the user''s account and Facebook displays the following message: Welcome George Tesster! Your account has been created. [application] has been added to your account. Facebook also

On Mon, 2005-09-19 at 20:58, Milos Wimmer wrote: > I send 2 streams from machine "A" to icecast server: > "cro-region-256.ogg" (224 kb/s stream) > "cro-region.ogg" (128 kb/s stream) > > and 1 backup stream from machine "B" to same icecast server: > "z-cro-region.ogg" (128 kb/s stream) > > I'm