similar to: protect_from_forgery doesnt protect from forgery

Displaying 20 results from an estimated 1000 matches similar to: "protect_from_forgery doesnt protect from forgery"

2008 Mar 15
3
[HELP]No :secret given to the #protect_from_forgery call
I am starting to BDD. When specing the controller I want to test for object creation: it "deberia crear una nueva persona en post create" do Usuario.should_receive(:create).with({:nombre => "camilo", :clave => "secreta", :tipo => "administrador"}).and_return(@usuario) post 'create', {:usuario => {:nombre =>
2009 Oct 09
1
protect_from_forgery development mode
Should this be working in development mode? For some reason it doesn't. regards, John
2008 Dec 09
3
Rails noob confusion - HTML Form Post to Rails Controller?
I have recently been learning and trying to develop some application parts using Rails. One issue I may have is that one of the potential clients will want to have one of their external web pages POST to the Rails controller. I tried the naive approach - copy the HTML generated for the Rails controller action for doing the same POST (Create of a domain object). I had this working, or so I
2008 Apr 09
3
form_tag and form_for cause #protect_from_forgery errors
Hey All, I'm trying to do a simple form_for (and I also get it with form_tag) and I'm getting the following error: ActionView::TemplateError (No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).) on line #2 of users/new.fbml.erb: 1: <h1>Welcome To Courses, Let's Get
2009 Jun 22
2
protect_from_forgery with db-session (Rails 2.3.2)
I try to use db-session with protect_from_forgery. But I always get an error msg: ActionController::InvalidAuthenticityToken. application_controller.rb protect_from_forgery #:secret => 'top_secret' session_store.rb ActionController::Base.session_store = :active_record_store hope you can help me. Best regards -- Posted via http://www.ruby-forum.com/.
2010 Jul 08
2
rspec-rails how to selectively turn on csrf protection for controller specs?
I'm setting up a Paypal IPN listener and need the create action to not use rails' default CSRF protection. I've got that working fine & test it actually works with cucumber (where I've turned CSRF back on, since it's full-stack testing) but would like my controller spec to mention the need for protect_from_forgery :except => [:create] (and fail
2010 Feb 22
10
Error: "ActionController::InvalidAuthenticityToken"
Hi there, I have my first Rails app running and I regularly get the following "logged_exception" error message: "ActionController::InvalidAuthenticityToken" Has anybody an idea what might cause this problem? Could it somehow be a "time out" error (like an "AuthenticityToken" which might expire after a certain time, or something along those lines)? Any
2008 May 08
1
disabling forgery protection
Hi, I have to enable batch uploads to my website with CURL and forgery protection in ApplicationController is standing in my way. I do use the restful authentication plugin and I do call login_required on all actions. Should I keep forgery protection around? Forgery protection only makes sure that the client request has originated from client's session, right? Is there anything else
2009 May 05
3
Unable to deactivate forgery protection
Hi, I just created a new Rails app that will be receiving some POSTed data from the outside so it must skip the verify_authenticity_token for some create actions. Although I have added: skip_before_filter :verifiy_authenticity_token I still get InvalidAuthenticityToken. In one of my other Rails app (created back in Rails 1.2.6 and updated to 2.3.2 over time) this skipping works perfectly though,
2008 Mar 19
7
Upgrade to 2.0.2: InvalidAuthenticityToken error on 1st POST
All, I've upgraded to 2.0.2, and I can't get my login screen (the first POST request in the application) to work. When I post this form, I see the "InvalidAuthenticityToken" error. I have protect_from_forgery :secret => 'my_secret' set in application.rb and I am using an active_record session store based on this line in environment.rb:
2010 Sep 23
1
undefined method `protect_against_forgery?' for #<ActionView
Hi guys This is a pretty tricky one. I get an "undefined method `protect_against_forgery?' for #<ActionView::Base:0x569a3d4>" error when trying to generate a partial from 'outside' the web site. I do this as I have a rake task that checks for changes periodically in the background, and if it then sees a change it rebuilds the partial and posts the result
2008 May 07
2
Question on authenticity tokens
Does anyone find them useful? I can see them being good in some cases, but I have many exceptions that occur because of expired sessions. I am also not sure if they are really required for pages that require a login to access. The other place that they cause issues is in javascript requests. I am not using the built-in helpers, and all the javascript exists in separate js files. There are ways
2010 Feb 09
4
Rails3 pre and protect_from_forgery
I've almost entirely converted a rails 2.3.5 app to 3pre. I'm having some trouble with protect_from_forgery. I had protect_from_forgery set in application_controller.rb, but run some uploadify ajax stuff in one of my controllers, where I had protect_from_forgery, :except => :add_file set. In rails 3 I'm getting ActionController::InvalidAuthenticityToken on the ajax
2008 Sep 06
4
Is Rails 2.1 "protect_from_forgery" == csrf_killer plugin?
Just would like to verify: Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from Rick Olson? Thanks, Wes -- Posted via http://www.ruby-forum.com/.
2007 Dec 23
3
InvalidAuthenticityToken problems with my login form
I am trying to convert my code and to use the new Rails 2.0 feature RequestForgeryProtection but I get an InvalidAuthenticityToken error, right from the beginning with my login form.. I followed the recommendations : in my environment.rb config.action_controller.session = { :session_key => 'myappname', :secret =>
2008 Mar 25
7
Facebooker::Session::SessionExpired (Session key invalid or no longer valid)
Hi All, I'm having horrible problems with this exception, which seems to happen as soon as I access the session object. Does anyone know what the path is to recover from this? This post looked to be the most promising: http://rubyforge.org/pipermail/facebooker-talk/2007-December/000047.html And I followed all of the steps except switching my session store, and modifying the default
2006 Mar 16
6
Sessions or lookups?
My application needs to know if a user is an administrator, for security and aesthetic reasons. At the moment, I store true/false in the session by doing the following at login: session[:user_is_admin] = authenticated_user.is_admin? Is this OK to do? Or should I really be doing the following every time: User.find(session[:user_id]).is_admin? (user_id is always in the session too) Is there
2009 Oct 13
1
config.action_controller.session[:secret] vs protect_from_forgery :secret
What I want to do is share the same session across many Rails applications. All of them are using Rails 2.2.2. I know that, to share the session, it's (supposedly) just a matter of sharing the same key and secret among the apps, like this: config.action_controller.session = { :session_key => '_apps_session', :secret =>
2008 Aug 21
4
forgery Protection
Has anybody solved this issue. [ http://rubyforge.org/pipermail/facebooker-talk/2008-April/000552.html ] ? NameError (undefined local variable or method `controller' for #<LeaveController:0xb7144abc>): /app/controllers/application.rb:24:in `verify_authenticity_token'
2009 Mar 12
5
InvalidAuthenticityToken from home page
I'm trying to create a log in in index.html, but I keep getting an error about InvalidAuthenticityToken. I understand this is something that RoR puts in the forms, and it changes regularly. The problem is that the home page in the public folder is html, and therefore static. Has anyone else put a log in on their home page? -- Posted via http://www.ruby-forum.com/.