similar to: css url paths when moving it to a different folder

Hi. I''m trying to run Getting started tutorial under Rails 4.0.0.beta1 although it assumes it runs on Rails 3. I was able to get rid of all errors by wrapping post_params here and there, and installing protected_attributes Gem for attr_accessible to make sense. Post/ comment CRUD works just fine, but I don''t seem to be able to add Tags (the final part of the tutorial). Post saved

Running "rake assets:clobber assets:precompile" will generate files like "application-xxx.css" with incorrect urls after upgrading to Rails 4. For example url(/fields/xxx.png) when it should be url(/assets/fields/xxx.png). For some unknown reason it worked once in development mode, but after running rake assets:clobber I can''t get it to work again... Any ideas

Hi Everyone, I was going through the Rails tutorial from here: http://ruby.railstutorial.org/chapters/filling-in-the-layout#top I was getting this exception on my WebRick server: Started GET "/assets/blueprint/print.css" for 127.0.0.1 at 2011-11-28 14:43:00 +0530 Served asset /blueprint/print.css - 404 Not Found (0ms) ActionController::RoutingError (No route matches [GET]

Hi, all, Happy new year :) Referring to http://guides.rubyonrails.org/asset_pipeline.html, it seems that ''require_tree .'' in myapp/app/assets/javascripts/ application.js will include all *.js files in the myapp/app/assets/ javascripts/. I have a few other *.js files in this directory : parts.js, makes.js and categories.js. Here''s an extract from the html file I

Hi, I''ve created simple ROR app and commit it to HEROKU server. When I change config.assets.enabled = true and put ''false'' then it works but doesn''t use my .css styesheets. In case config.assets.enabled = true it doesn''t work... How can I fix it? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to

Trying to add bootstrap to an app being ported to Rails 3.2.3. I get the following error: Error compiling asset application.css: Sass::SyntaxError: File to import not found or unreadable: bootstrap. Here''s my gem file: source ''http://rubygems.org'' gem ''rails'', ''3.2.9'' group :assets do gem ''sass-rails'',

Hi all, I think CSFR protection broke in rails 2.3.11. As in: it''s turned off now. I tried this in rails 2.3.10 and in 2.3.11 and 2.3.11 seems broken. >rails csrftest >cd csrftest >script/generate scaffold post title:string >rake db:migrate now I visit /posts/new in my browser, use firebug to delete or change the authenticity token, and submit the form. rails 2.3.11: all

I am running a Rails 4 app in semi-production and I constantly get exceptions from crawler bots that use a HEAD HTTP method, which causes the CSRF protection to kick in. Shouldn''t HEAD requests normally be handled like GET requests? I am not sure if I''m just being stupid or that hit is a bug somewhere. Michiel -- You received this message because you are subscribed to the

I''m setting up a Paypal IPN listener and need the create action to not use rails'' default CSRF protection. I''ve got that working fine & test it actually works with cucumber (where I''ve turned CSRF back on, since it''s full-stack testing) but would like my controller spec to mention the need for protect_from_forgery :except => [:create] (and fail

Hello all, I''ve been trying to diagnose an issue with CSRF and Firefox specifically. I''ve got an ajax based form, using UJS (yes, I have csrf_meta_tag in my layout and I''ve tried adding the X-CSRF-Token header to the ajax beforeSend events without any luck)... The form just posts some data to an ajax method that creates, saves, and sets the session for a shopper as

Hi, I just noticed that the auto_complete plugin does not work with the CSRF protection in Rails 2.0. I''ve patched the plugin, but I''m wondering if people would like to see the official plugin fixed. If so, speak up and I will write some tests and submit the patch. Krishna --~--~---------~--~----~------------~-------~--~----~ You received this message because you are

Dear Rails community, As part of a programming languages/security research group at the University of Maryland, we are building some static analysis tools for Rails applications. These tools work by taking formally specified properties of interest, and then analyzing code to verify that those properties indeed hold. Using these tools, we found some security vulnerabilities in Rails, and we would

Posted this on stack overflow earlier today here<http://stackoverflow.com/questions/13673969/rails-3-2-session-id-nil-until-next-request>, I really either don''t know what I''m doing, or I don''t understand how sessions are supposed to work! I''m connecting to rails from an Air app and communicating with JSON only. When the client sends a login request,

Hello, I''m trying to set the background of a page to an image I have in the assets/images folder in my rails app. However, for the life of me I cannot get it to work. When I open up and inspect the element I keep seeing in the resources that the file cannot be found with a red "!" next to the image. I have tried different paths still no avail... ../images.bg.png

In my assets I have intranet |_1.css.scss |_2.css.scss internet |_1.css.csss application.css application_internet.css application_intranet.css 1.css.scss 2.css.scss 3.css.scss intranet and internet are directories. In my layout I want to exclude the files under internet and intranet. I have created application_internet.css /* * application-internet.css * *= require_self *=

Hi all, I would like to use page caching on my homepage, but also want to enable people to sign in via a modal dialog sign in form. I could have a setup in which when a user lands on the cached homepage, an Ajax GET request pulls in the whole login form so that there is a fresh authenticity token. That said, besides the additional hit to the server, the CSRF token in the head area of the page

Hi folks, I am just getting into rails again after a multi-year stint of mod_perl jobs, which might grant me some newbie-indemnity for the time being - but I''ve found an issue I think warrants discussion. As discussed here - http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html - the CSRF protection feature does not kick in for GET requests. This

Hi all, My team and I are finding ourselves a little in the dark about the "CSRF Protection Bypass in Ruby on Rails" vulnerability that was announced yesterday - http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails 1. Where is the complete Advisory? The Impact section is very unclear. Looking at the comment in the 2.3 patch mentions "Flash animations and

As most of you would have noticed, we have now had 3 CVE-nominated security issues for SWAT in the past couple of years. At the same time, while I know many of our users use SWAT, we just don't have anybody to maintain it inside the Samba Team. Kai has made a valiant effort to at least apply the XSS and CSRF guidelines when folks make security reports, but by his own admission he isn't a

In 2fe70c1 (last year), rails changed from a static list of assets.paths to automatically register any path under assets/*. (This was not reflected in Rails Guides so I pushed an update to docrails.) However, in my opinion, these automatic asset paths create confusion. The result is that the first-level directories under `(app|lib|vendor)/assets` get swallowed and if I put assets into a