similar to: config.action_controller.session[:secret] vs protect_from_forgery :secret

Hey All, I''m trying to do a simple form_for (and I also get it with form_tag) and I''m getting the following error: ActionView::TemplateError (No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).) on line #2 of users/new.fbml.erb: 1: <h1>Welcome To Courses, Let''s Get

After switching to active_record_store to host sessions, I now get the following errors: ActionController::InvalidAuthenticityToken in Pages#edit Showing app/views/pages/edit.html.erb where line #5 raised: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). Extracted source (around line #5): 2: 3:

I am starting to BDD. When specing the controller I want to test for object creation: it "deberia crear una nueva persona en post create" do Usuario.should_receive(:create).with({:nombre => "camilo", :clave => "secreta", :tipo => "administrador"}).and_return(@usuario) post ''create'', {:usuario => {:nombre =>

I am trying to convert my codeand to use the new Rails 2.0 feature RequestForgeryProtection but I get an InvalidAuthenticityToken error, right from the beginning with my login form.. I followed the recommandations : in my environment.rb config.action_controller.session = { :session_key => ''myappname'', :secret =>

i start the server but it exits right away, I ran the rake to update and changed the version string in config.rb. Any thoughts on this matter would be appreciated. i imagine that it has something to do with the session, but i am not able to figure it out. my config/config.rb has the following config.action_controller.session = { :session_key => ''c3_rails_session'',

when setting it in my environment.rb config.action_controller.session = { :session_key => ''_myapp_session'', :secret => ''3a64394bb895f1f05e0c07f71127d93d'' } I cannot get it back in the script/console .. :session_key=>"_session_id" !!! why ? >> ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS =>

I''ve almost entirely converted a rails 2.3.5 app to 3pre. I''m having some trouble with protect_from_forgery. I had protect_from_forgery set in application_controller.rb, but run some uploadify ajax stuff in one of my controllers, where I had protect_from_forgery, :except => :add_file set. In rails 3 I''m getting ActionController::InvalidAuthenticityToken on the ajax

I am using the restful authentication plugin and am always prompted to login if a different subdomain is accessed. I have found a couple rails "solutions", but none of them seem to work: # development.rb 1. ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_key] = ".localhost" 2. ActionController::Base.session_options[:key] = ".localhost" Does anyone

Maybe I am grasping the full usage of this protect_from_forgery function, but it does not seem to work for me. Imagine the following: A simple website with a user that needs to log in to do certain stuff and a closed off admin section that only certain users can access that have the is_admin field set to true. So to be clear, my User model has a login, password and is_admin. When displaying the

Just would like to verify: Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from Rick Olson? Thanks, Wes -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

Hello list, So, the application I am working on right now needs to have LDAP authentication build in, meaning that if the user enabled it, we will query about his basic data (email,pwd) on a user-setup LDAP directory. It used to work fine when I was testing with OpenLDAP. The code, essentially, is this: connection.bind(self.bind_dn,self.password)

Hi folks, I am just getting into rails again after a multi-year stint of mod_perl jobs, which might grant me some newbie-indemnity for the time being - but I''ve found an issue I think warrants discussion. As discussed here - http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html - the CSRF protection feature does not kick in for GET requests. This

I am having a problem using the exception_logger plugin when I have protect_from_forgery enabled. Here is the line from application.rb: protect_from_forgery :secret => ''xxxx'' But I am getting: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). Now, if I remove the secret and try and

I try to use db-session with protect_from_forgery. But I always get a error msg: ActionController::InvalidAuthenticityToken. application_controller.rb protect_from_forgery #:secret => ''top_secret'' session_store.rb ActionController::Base.session_store = :active_record_store hope you can help me. Best regards -- Posted via http://www.ruby-forum.com/.

All, I''ve upgraded to 2.0.2, and I can''t get my login screen (the first POST request in the application) to work. When I post this form, I see the "InvalidAuthenticityToken" error. I have protect_from_forgery :secret => ''my_secret'' set in application.rb and I am using an active_record session store based on this line in environment.rb:

I am a newbie to Rails, coming from a PHP shop, so please excuse my ignorance. I have to applications. A Codeigniter PHP app and a Rails 3.0 app. The rails app makes paypal api calls and the php app makes curl post calls to the rails app with information from a shopping cart. How can I make this work with protect_from_forgery? I basically want to pass my own auth token from the php app (or any

Should this be working in development mode? For some reason it doesn''t. regards, John

Hello list, I wonder if someone could help me understand the following: I''ve got a managed dedicated server with GoDaddy. Until now, I''ve only hosted PHP applications there. I now need to set it up to host my new beloved Rails application. I asked them to set up apache with mod_proxy_balancer for the mongrel cluster, however, here''s what they told me: *Unfortunately,

Per the last thread about link_to_remote I started comparing some of my app config settings with that in the Facebook Platform Development guide and have a few questions. 1. application.rb config.action_controller.session_store = :active_record_store config.action_controller.session = { :session_key => "_xxx_session", :secret => "65bfb267dc928c66f3d0714d89faf43e"

I have a User model, a Post model, and an Interest model: User has_many posts through interests User has_many interests, dependent destroy Post has_many users through interests has_many interests, dependent destroy Post has_many interests Interest belongs to Post Interest belongs to User Application_Controller is as follows: class ApplicationController < ActionController::Base before_filter