similar to: bypassing verify_authenticity_token before_filter when in facebook

Hi all, I''m stucked in following situation: I implemented image upload feature using swfupload. The submission from swfupload cause exception ActionController::InvalidAuthenticityToken (rails 2.2) - understandable because swfupload doesn''t send valid token. I try to temporarily turn off the checking in the controller by using "skip_before_filter

Hey All, I''m trying to do a simple form_for (and I also get it with form_tag) and I''m getting the following error: ActionView::TemplateError (No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).) on line #2 of users/new.fbml.erb: 1: <h1>Welcome To Courses, Let''s Get

If a user that has not yet signed up for Facebook attempts to visit an application page facebook presents them with a registration form. After this form is completed, the application is automatically added to the user''s account and Facebook displays the following message: Welcome George Tesster! Your account has been created. [application] has been added to your account. Facebook also

I''m setting up a Paypal IPN listener and need the create action to not use rails'' default CSRF protection. I''ve got that working fine & test it actually works with cucumber (where I''ve turned CSRF back on, since it''s full-stack testing) but would like my controller spec to mention the need for protect_from_forgery :except => [:create] (and fail

Hi All, I am working on a rails app that has facebook and non-facebook portions and since facebooker seems to want to resolve to the default route of "/" i''ve written a little before filter that seems to make these two exist OK. def is_facebook_request? redirect_to(params.merge({ :controller => ''facebook_accounts'' })) and return false if

Hi, I just created a new Rails app that will be receiving some POSTed data from the outside so it must skip the verify_authenticity_token for some create actions. Although I have added: skip_before_filter :verifiy_authenticity_token I still get InvalidAuthenticityToken. In one of my other Rails app (created back in Rails 1.2.6 and updated to 2.3.2 over time) this skipping works perfectly though,

Hello, I''m setting up an authentication module that will be called from application.rb. I want to save a rrequest.request_uri into a session to be used as a place holder that will take users back to the page they were on before they logged in. I''m trying to call the store_location method for all methods EXCEPT login by putting login in an except before filter. For some

Hi guys, I am new to this list and thought i''d say hello. I am using facebooker on a new project and so far I am really pleased with it. I saw that some users are having woes with the url_rewriter breaking urls for paths outside of the facebook canvas (i.e. your site supports both facebook and non-facebook users). I don''t have a prefect answer for this but I wrote a

Has anybody solved this issue. [ http://rubyforge.org/pipermail/facebooker-talk/2008-April/000552.html ] ? NameError (undefined local variable or method `controller'' for #<LeaveController:0xb7144abc>): /app/controllers/application.rb:24:in `verify_authenticity_token''

Hi folks, I am just getting into rails again after a multi-year stint of mod_perl jobs, which might grant me some newbie-indemnity for the time being - but I''ve found an issue I think warrants discussion. As discussed here - http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html - the CSRF protection feature does not kick in for GET requests. This

Hello All, I am getting a problem while login for inactive users. While login I am getting - Processing by Devise::SessionsController#new as HTML User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = 2 LIMIT 1 Redirected to http://localhost:3000/ Filter chain halted as :require_no_authentication rendered or redirected. Inactive users

You will need: skip_before_filter :verify_authenticity_token in your sessions_controller.rb --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to

Hi all, I''ve been using a plugin called swf_fu which seemed fairly easy to implement for adding flash content to my rails app. However, I''m trying to pass a variable to my flash through rails and have the flash content pick it up. The variable is already retrieved in an earlier call to the database so I don''t believe it''s any type of authentication string

Hi All - I have a form_for that I''m trying to convert to remote_form_for, and I keep get this error: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): /usr/lib/ruby/gems/1.8/gems/actionpack-2.2.2/lib/action_controller/request_forgery_protection.rb:86:in `verify_authenticity_token''

Hi there, I have my first Rails app running and I regularly get the following "logged_exception" error message: "ActionController::InvalidAuthenticityToken" Has anybody an idea what might cause this problem? Could it somehow be a "time out" error (like an "AuthenticityToken" which might expire after a certain time, or something along those lines)? Any

Hi, http://apidock.com/rails/ActionController/RequestForgeryProtection only maintains one CSRF token at a time. When a user visits some site, he gets a new token in the session. He then might open a linked site of the same rails app in a new browser tab (maybe some info he''d like to read), and again he will get a new token. Then he changes to the first tab again and submits a form

Hello, I have been working through two books, "Agile Web Development with Rails, 2nd Ed." and "Ajax on Rails". I''m using Rails2.0. In both cases, I run into an authentication error when doing the examples. In AWDwR, when trying to add new information to the database (p. 68) I get ActionController::InvalidAuthenticityToken in AdminController#create

Ruby noob here. Just installed Rails 2.0, and am having trouble with updating DB tables, using the ApplicationController. My ApplicationController file looks like: class StoryController < ApplicationController protect_from_forgery :only => [:create, :update, :destroy] scaffold :story #def index #@current_time = Time.now #@story =

When trying to understand a piece of code from the Ruby-On-Rails framework, I found that I''m still lacking knowledge about scope issues in Ruby. Here is a stripped down version of the code I''m trying to understand (in case you happen to use Rails: This is from file scaffolding.rb): module ActionController module Scaffolding .. module ClassMethods def

Hi! To send the authenticity token from flex back to the server, I followed this: http://blog.dt.org/index.php/2008/06/rails-2-flex-3-and-form-authenticity-tokens/ I have two controllers in my rails app. The method described in the link above works with the actions in one controller, but does not work with the other. The controller which does not work has just one action which performs a file