similar to: Ajax CSRF in Rails3

Displaying 20 results from an estimated 1000 matches similar to: "Ajax CSRF in Rails3"

2008 Feb 29
1
GETSCRIPT Bug in dovecot-1.0.10-MANAGESIEVE-v9.1.diff.gz
Hello Stephan, GETSCRIPT does not return a literal, there is the + character missing before }: diff -r bcebda39c0ed src/managesieve/cmd-getscript.c - --- a/src/managesieve/cmd-getscript.c Mon Feb 18 14:13:12 2008 +0100 +++ b/src/managesieve/cmd-getscript.c Fri Feb 29 11:52:00 2008 +0100 @@ -112,7 +112,7 @@ return
2013 Jan 22
2
Rails 4: Should a HEAD request not be handled like a GET for CSRF protection?
I am running a Rails 4 app in semi-production and I constantly get exceptions from crawler bots that use a HEAD HTTP method, which causes the CSRF protection to kick in. Shouldn't HEAD requests normally be handled like GET requests? I am not sure if I'm just being stupid or that hit is a bug somewhere. Michiel
2008 Jan 23
2
CSRF / cached authenticity tokens / ajax requests
I'm going to go out on a limb here and say the new CSRF protection in Rails is flawed. Why? Forget about caching if you care to use it. Consider the following: <% cache do %> <%= link_to_remote "Add To Favorites", :url => {:controller => "favorites", :action => "create", "movie_id" => 2} %> <% end %> # Output <a
2011 Aug 28
1
Page Caching, CSRF, and Loading a form via Ajax
Hi all, I would like to use page caching on my homepage, but also want to enable people to sign in via a modal dialog sign in form. I could have a setup in which when a user lands on the cached homepage, an Ajax GET request pulls in the whole login form so that there is a fresh authenticity token. That said, besides the additional hit to the server, the CSRF token in the head area of the page
2014 May 03
0
Putting form_authenticity_token (csrf token) in a cookie instead of in meta tags?
When you generate a default Rails app, it puts this in application.html.erb: <%= csrf_meta_tags %> It does this so the remote forms can be submitted--i.e., so JavaScript can submit a form. When jquery-rails is about to submit a form, it looks for the <meta> tags named "csrf-param" and "csrf-token" and from them it constructs a hidden
2010 Jul 08
2
rspec-rails how to selectively turn on csrf protection for controller specs?
I'm setting up a Paypal IPN listener and need the create action to not use rails' default CSRF protection. I've got that working fine & test it actually works with cucumber (where I've turned CSRF back on, since it's full-stack testing) but would like my controller spec to mention the need for protect_from_forgery :except => [:create] (and fail
2010 Sep 04
0
CSRF protection not working with jquery ajax post request
Hello, I want to test the csrf protection of my application but forgery protection is not working with jquery ajax request. I have used Unobtrusive Javascript with jquery. I have removed the <%= csrf_meta_tag %> so that my application does not include authenticity token. In my view I have the following code $(function () { $('#alert').click(function () { $.ajax({
2011 Feb 09
2
CSRF Protection Bypass in Ruby on Rails - I don't get it ...
Hi all, My team and I are finding ourselves a little in the dark about the "CSRF Protection Bypass in Ruby on Rails" vulnerability that was announced yesterday - http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails 1. Where is the complete Advisory? The Impact section is very unclear. Looking at the comment in the 2.3 patch mentions "Flash animations and
2013 Jan 09
4
CSRF resets my session in Firefox
Hello all, I've been trying to diagnose an issue with CSRF and Firefox specifically. I've got an ajax based form, using UJS (yes, I have csrf_meta_tag in my layout and I've tried adding the X-CSRF-Token header to the ajax beforeSend events without any luck)... The form just posts some data to an ajax method that creates, saves, and sets the session for a shopper as
2007 Oct 23
6
Auto complete plugin and CSRF protection-- do you care?
Hi, I just noticed that the auto_complete plugin does not work with the CSRF protection in Rails 2.0. I've patched the plugin, but I'm wondering if people would like to see the official plugin fixed. If so, speak up and I will write some tests and submit the patch. Krishna
2009 Oct 17
3
Security problems with CookieStore and CSRF protection
Dear Rails community, As part of a programming languages/security research group at the University of Maryland, we are building some static analysis tools for Rails applications. These tools work by taking formally specified properties of interest, and then analyzing code to verify that those properties indeed hold. Using these tools, we found some security vulnerabilities in Rails, and we would
2013 Mar 06
2
Refresh a partial onClick using ajax call in rails 3.x
Hi All, I want to refresh a partial onClick, onClick I am making ajax call and getting the data but I am unable to refresh the partial. here is the code IN views: home.html.erb $(document).ready(function() { var currentCellText; $(".inline").click(function() { currentCellText = $(this).text(); $.ajax({ type: 'GET', dataType: "json",
2011 Feb 17
1
managesieve bug: UTF inside quoted-string
This has been probably fixed in meantime, because I use dovecot 1.1 still, but I'd like to get you to know. Use of UTF-8 characters inside quoted-string doesn't work. C: GETSCRIPT "???w" S NO "Error in MANAGESIEVE command GETSCRIPT: String contains invalid character." -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl]
2008 Apr 07
2
A little assistance with Sieve
With all the mess that my email has become, it makes sense for me to try to make use of Sieve, but I'm having quite the time finding out how to make it work. I'm running 1.0.13 on a Debian machine. Sieve appears to be compiled with it. I can access managesieve, and I have set up dovecot.conf with lda. I do not get a NO response when I PUTSCRIPT, but LISTSCRIPTS produces no result, so I
2010 Nov 24
2
Puzzled about the rspec tests generated by Rails3
Hi all I am puzzled about the rspec tests that are generated by Rails3 scaffolding. I am however not sure if this is the correct place to discuss this issue. It might be that a rails ML/chat is better suited for that kind of discussion. It just depends on who is responsible for that code. Somehow I am too stupid to find that out, so please bear with me if I produced only noise here. Cheers
2010 Sep 12
0
observe_field for jquery + rails3
I am porting one application to Rails3 and want to know what is the right way to do "observe_field" with Rails3?
2010 Oct 21
0
attachment in the database with thumbnail generation - rails3
What is the best solution for handling blob database storage with rails3? I used attachment_fu before, but it doesn't seem to work well with rails3. Anyone got it working? paperclip seems nice, but I need database storage for backups and security.
2011 Dec 02
1
How to implement ActionMailer callbacks for rails3?
Hi, Is it possible to implement callbacks (like before_deliver :some_methodes, after_deliver :other_methods) with ActionMailer in Rails3? Please somebody help me or give me an idea :) Already I saw http://railscasts.com/episodes/206-action-mailer-in-rails-3 but I would like to do it as callbacks -- Best Regards Abdul Barek Senior Software Engineer
2010 Aug 22
1
rails3: t.index in migrations not working anymore
Hello, I'm playing around with Rails3 and trying to upgrade one of my applications to Rails 3.0.0.rc and I get an error which should be still working. Migration: t.index :name When I execute rake: rake aborted! An error has occurred, all later migrations canceled: undefined method `index' for #<ActiveRecord::ConnectionAdapters::TableDefinition:0x4b2b6b0> Does some one
2011 Jan 12
1
gem and rails3: LoadError
Hi everybody, I'm trying to use the prawn gem into a new rails3 application on debian. What I did: As root: - install rubygems, from http://rubyforge.org/frs/download.php/73882/rubygems-1.4.2.tgz - gem install rails - gem install prawn - gem install pdf-reader - gem list | grep prawn => prawn (0.8.4) prawn-core (0.8.4) prawn-layout (0.8.4)