similar to: Rails3 pre and protect_from_forgery

I am starting to BDD. When specing the controller I want to test for object creation: it "deberia crear una nueva persona en post create" do Usuario.should_receive(:create).with({:nombre => "camilo", :clave => "secreta", :tipo => "administrador"}).and_return(@usuario) post ''create'', {:usuario => {:nombre =>

Just would like to verify: Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from Rick Olson? Thanks, Wes -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

Maybe I am grasping the full usage of this protect_from_forgery function, but it does not seem to work for me. Imagine the following: A simple website with a user that needs to log in to do certain stuff and a closed off admin section that only certain users can access that have the is_admin field set to true. So to be clear, my User model has a login, password and is_admin. When displaying the

What I want to do is share the same session across many Rails applications. All of them are using Rails 2.2.2. I know that, to share the session, it''s (supposedly) just a matter of sharing the same key and secret among the apps, like this: config.action_controller.session = { :session_key => ''_apps_session'', :secret =>

Should this be working in development mode? For some reason it doesn''t. regards, John

After switching to active_record_store to host sessions, I now get the following errors: ActionController::InvalidAuthenticityToken in Pages#edit Showing app/views/pages/edit.html.erb where line #5 raised: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). Extracted source (around line #5): 2: 3:

Hey All, I''m trying to do a simple form_for (and I also get it with form_tag) and I''m getting the following error: ActionView::TemplateError (No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).) on line #2 of users/new.fbml.erb: 1: <h1>Welcome To Courses, Let''s Get

Hi folks, I am just getting into rails again after a multi-year stint of mod_perl jobs, which might grant me some newbie-indemnity for the time being - but I''ve found an issue I think warrants discussion. As discussed here - http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html - the CSRF protection feature does not kick in for GET requests. This

I''m trying to use Uploadify in my project. Everything works in my machine, locally. The problem is when I use the same code in my production environment. When I try to upload a photo, it returns an error "HTTP 401", but there are no errors in the log. Rails(2.3.5) Uploadify(2.1.0) Here is my FlashSessionCookieMiddleware where the problem with the Flash authentication shoud be

I'm trying to use zfs acls in solaris 10. I've looked at past posts regarding this and some online help, but am stuck. I'm currently using samba 3.3.9; I've had the same problem with 3.3.7. samba is compiled and running as an Active Directory member server (compiled with ldap and kerberos). The zfs disk is local. I'm not using winbind. I compiled with zfsacl module.

I am having a problem using the exception_logger plugin when I have protect_from_forgery enabled. Here is the line from application.rb: protect_from_forgery :secret => ''xxxx'' But I am getting: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). Now, if I remove the secret and try and

I try to use db-session with protect_from_forgery. But I always get a error msg: ActionController::InvalidAuthenticityToken. application_controller.rb protect_from_forgery #:secret => ''top_secret'' session_store.rb ActionController::Base.session_store = :active_record_store hope you can help me. Best regards -- Posted via http://www.ruby-forum.com/.

I am a newbie to Rails, coming from a PHP shop, so please excuse my ignorance. I have to applications. A Codeigniter PHP app and a Rails 3.0 app. The rails app makes paypal api calls and the php app makes curl post calls to the rails app with information from a shopping cart. How can I make this work with protect_from_forgery? I basically want to pass my own auth token from the php app (or any

Can I get some +1s for this tiny patch? It fixes ActiveRecordHelper::form, which is broken by default in new applications created with Rails 2.0. http://dev.rubyonrails.org/ticket/10739 Jeremy --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to

For my weekend project, I''m going to get form_remote_tag and file_column playing happily together. According to my research, no one has done this yet. If you happen to have tried this, and have some workable code, send me an email. I''d rather not duplicate the effort. Thanks! -- Kyle Maxwell Chief Technologist E Factor Media // FN Interactive kyle@efactormedia.com

From: Paul Emmerich <p.emmerich at first-colo.net> Hi, the new API for initramfs and files in master lacked the ability to build initramfs objects from files loaded via HTTP/TFTP in Lua. The documentation indicated that it should be possible (and I believe I did that in an older version). I implemented a few new functions to handle files/initramfs objects better. Changes: * NEW:

Hello All, I''ve developed RoR on windowsXP have deployed that on Linux. Everythings works fine when working on windows. Things are fine on Linux too untill I try to create new entry. I tried but couldn''t find any relevent information why it should happen only to this "specific" create action. I''m saying this because different create on other forms are

All, I''ve upgraded to 2.0.2, and I can''t get my login screen (the first POST request in the application) to work. When I post this form, I see the "InvalidAuthenticityToken" error. I have protect_from_forgery :secret => ''my_secret'' set in application.rb and I am using an active_record session store based on this line in environment.rb:

There are definitely some files with some weird names- in an ssh session they don't even have regular characters. e.g -rw-rw---- 1 xxx xxx 114985112 Oct 31 14:39 ▒^t Not sure if that is related to problems though. The top command shows Memory: 12G phys mem, 343M free mem, 2048M total swap, 2048M free swap This is in the evening so should not be much load but I think

Hi all, I think CSFR protection broke in rails 2.3.11. As in: it''s turned off now. I tried this in rails 2.3.10 and in 2.3.11 and 2.3.11 seems broken. >rails csrftest >cd csrftest >script/generate scaffold post title:string >rake db:migrate now I visit /posts/new in my browser, use firebug to delete or change the authenticity token, and submit the form. rails 2.3.11: all