Displaying 20 results from an estimated 500 matches similar to: "Rails3 pre and protect_from_forgery"
2008 Mar 15
3
[HELP]No :secret given to the #protect_from_forgery call
I am starting to BDD. When specing the controller I want to test for
object creation:
it "deberia crear una nueva persona en post create" do
Usuario.should_receive(:create).with({:nombre => "camilo", :clave
=> "secreta", :tipo => "administrador"}).and_return(@usuario)
post 'create', {:usuario => {:nombre =>
2008 Sep 06
4
Is Rails 2.1 "protect_from_forgery" == csrf_killer plugin?
Just would like to verify:
Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from
Rick Olson?
Thanks,
Wes
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to
2009 Jun 09
3
protect_from_forgery doesnt protect from forgery
Maybe I am grasping the full usage of this protect_from_forgery
function, but it does not seem to work for me. Imagine the following:
A simple website with a user that needs to log in to do certain stuff
and a closed off admin section that only certain users can access that
have the is_admin field set to true.
So to be clear, my User model has a login, password and is_admin.
When displaying the
2009 Oct 13
1
config.action_controller.session[:secret] vs protect_from_forgery :secret
What I want to do is share the same session across many Rails applications.
All of them are using Rails 2.2.2. I know that, to share the session, it's
(supposedly) just a matter of sharing the same key and secret among the
apps, like this:
config.action_controller.session = {
:session_key => '_apps_session',
:secret =>
2009 Oct 09
1
protect_from_forgery development mode
Should this be working in development mode?
For some reason it doesn't.
regards, John
2007 Oct 03
2
active_record_store sessions does not pass a :secret to #protect_from_forgery in Rails 2.0.0 Preview
After switching to active_record_store to host sessions, I now get the
following errors:
ActionController::InvalidAuthenticityToken in Pages#edit
Showing app/views/pages/edit.html.erb where line #5 raised:
No :secret given to the #protect_from_forgery call. Set that or use a
session store capable of generating its own keys (Cookie Session
Store).
Extracted source (around line #5):
2:
3:
2008 Apr 09
3
form_tag and form_for cause #protect_from_forgery errors
Hey All,
I'm trying to do a simple form_for (and I also get it with form_tag)
and I'm getting the following error:
ActionView::TemplateError (No :secret given to the
#protect_from_forgery call. Set that or use a session store capable
of generating its own keys (Cookie Session Store).) on line #2 of
users/new.fbml.erb:
1: <h1>Welcome To Courses, Let's Get
2010 Apr 01
4
POST-only logic in protect_from_forgery considered harmful?
Hi folks,
I am just getting into rails again after a multi-year stint of
mod_perl jobs, which might grant me some newbie-indemnity for the time
being - but I've found an issue I think warrants discussion.
As discussed here - http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html
- the CSRF protection feature does not kick in for GET requests. This
2010 Mar 04
0
Uploadify authentication problem
I'm trying to use Uploadify in my project. Everything works in my
machine, locally. The problem is when I use the same code in my
production environment.
When I try to upload a photo, it returns an error "HTTP 401", but there
are no errors in the log.
Rails(2.3.5)
Uploadify(2.1.0)
Here is my FlashSessionCookieMiddleware where the problem with the Flash
authentication should be
2009 Oct 21
1
zfs acls and MS office applications
I'm trying to use zfs acls in solaris 10. I've looked at past posts
regarding this and some online help, but am stuck. I'm currently using
samba 3.3.9; I've had the same problem with 3.3.7. samba is compiled
and running as an Active Directory member server (compiled with ldap and
kerberos). The zfs disk is local. I'm not using winbind. I compiled
with zfsacl module.
2008 Sep 23
0
exception_logger and protect_from_forgery
I am having a problem using the exception_logger plugin when I have
protect_from_forgery enabled.
Here is the line from application.rb:
protect_from_forgery :secret => 'xxxx'
But I am getting:
No :secret given to the #protect_from_forgery call. Set that or use a
session store capable of generating its own keys (Cookie Session
Store).
Now, if I remove the secret and try and
2009 Jun 22
2
protect_from_forgery with db-session (Rails 2.3.2)
I try to use db-session with protect_from_forgery.
But I always get an error msg:
ActionController::InvalidAuthenticityToken.
application_controller.rb
protect_from_forgery #:secret => 'top_secret'
session_store.rb
ActionController::Base.session_store = :active_record_store
hope you can help me.
Best regards
--
Posted via http://www.ruby-forum.com/.
2010 Sep 10
0
protect_from_forgery
I am a newbie to Rails, coming from a PHP shop, so please excuse my
ignorance.
I have two applications. A Codeigniter PHP app and a Rails 3.0 app. The
rails app makes paypal api calls and the php app makes curl post calls
to the rails app with information from a shopping cart.
How can I make this work with protect_from_forgery? I basically want to
pass my own auth token from the php app (or any
2008 Jan 08
3
Unbreak ActiveRecordHelper::form() when protect_from_forgery is used
Can I get some +1s for this tiny patch? It fixes
ActiveRecordHelper::form, which is broken by default in new
applications created with Rails 2.0.
http://dev.rubyonrails.org/ticket/10739
Jeremy
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To post to this group, send email to
2006 Feb 04
5
file_column + form_remote_tag
For my weekend project, I'm going to get form_remote_tag and
file_column playing happily together. According to my research, no
one has done this yet. If you happen to have tried this, and have
some workable code, send me an email. I'd rather not duplicate the
effort.
Thanks!
--
Kyle Maxwell
Chief Technologist
E Factor Media // FN Interactive
kyle@efactormedia.com
2016 Nov 04
4
[PATCH 0/2] improve Lua API for files and initramfs objects
From: Paul Emmerich <p.emmerich at first-colo.net>
Hi,
the new API for initramfs and files in master lacked the ability to build
initramfs objects from files loaded via HTTP/TFTP in Lua. The documentation
indicated that it should be possible (and I believe I did that in an older
version). I implemented a few new functions to handle files/initramfs
objects better.
Changes:
* NEW:
2006 Jun 07
3
ActionController::UNKnownAction (No action responded to crea
Hello All,
I've developed RoR on windowsXP have deployed that on Linux. Everything
works fine when working on windows. Things are fine on Linux too until
I try to create new entry. I tried but couldn't find any relevant
information why it should happen only to this "specific" create action.
I'm saying this because different create on other forms are
2008 Mar 19
7
Upgrade to 2.0.2: InvalidAuthenticityToken error on 1st POST
All,
I've upgraded to 2.0.2, and I can't get my login screen (the first POST
request in the application) to work.
When I post this form, I see the "InvalidAuthenticityToken" error.
I have
protect_from_forgery :secret => 'my_secret'
set in application.rb
and I am using an active_record session store based on this line in
environment.rb:
2016 Nov 30
2
slow directory access, convert_string_internal: Conversion error: Incomplete multibyte sequence
There are definitely some files with some weird names- in an ssh session they don't even have regular characters.
e.g
-rw-rw---- 1 xxx xxx 114985112 Oct 31 14:39 ▒^t
Not sure if that is related to problems though.
The top command shows
Memory: 12G phys mem, 343M free mem, 2048M total swap, 2048M free swap
This is in the evening so should not be much load but I think
2011 Feb 11
11
CSRF protection in rails 2.3.11
Hi all,
I think CSRF protection broke in rails 2.3.11.
As in: it's turned off now.
I tried this in rails 2.3.10 and in 2.3.11 and 2.3.11 seems broken.
>rails csrftest
>cd csrftest
>script/generate scaffold post title:string
>rake db:migrate
now I visit /posts/new in my browser, use firebug to delete or change
the authenticity token, and submit the form.
rails 2.3.11: all