similar to: form_tag and form_for cause #protect_from_forgery errors

Hello, I had an app running on RoR 1.1, now I''m migrating it to 2.1. In a view I have: <div id="user_management"> <fieldset> <legend>Please log in</legend> <% form_for(:user, :url => sessions_path) do |f| %> <p>Username: <span class="notice"><%= flash[:notice]%></ span></p>

Hi guys What does the below line says ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): -e:2:in `load'' -e:2 Please guide me -- Karthik.k Mobile - +91-9894991640

Hi, I have an advance search page and its code is as follows - I have written my code like this <div class="container"> <%= form_tag search_index_path, method: :get do %> <%= radio_button_tag ''user_type'', ''customer'' %><p>Customer</p> <%= radio_button_tag ''user_type'',

Yo, I''ve got this data POSTing from a Flash App and I need to figure out how this little <%= token_tag %> works so I can give the Flash the proper validation. See, I get this ActionController::InvalidAuthenticityToken because you know, gotta defend those POSTs, but how do I get the toke into my Flash? I''m somewhat new, so if there is some way obvious easier way then let

After switching to active_record_store to host sessions, I now get the following errors: ActionController::InvalidAuthenticityToken in Pages#edit Showing app/views/pages/edit.html.erb where line #5 raised: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). Extracted source (around line #5): 2: 3:

So, here''s the offending line. Note that I''m using edge rails. form_tag verifications_path(@user), :method => :post do verifications_path(@user) returns a string like "/users/3/ verifications". That eventually gets sent to url_for, which expects a hash. And then it blows up. It''s especially disconcerting since the documentation shows form_tag as

Does anyone have experience with using subdomains and rails? The example that I used to help me out was from the Advanced Rails Recipes book, but I can''t get it working as it should. I continually get authenticity token errors after logging in. I have had this error before, and for whatever reason after I added a<%= token_tag %> to the form it worked, but it doesn''t work

Hopefully someone here can help me figure out why the ERB: <% form_for(@fund, :url => {:host => PRIVATE_HOST}, :html => {:class => ''fund'', :multipart => true}) do |f| %> raises an error in my specs: No route matches {:action=>"index"} but works fine in my app and generates the following, desired HTML: <form

hi there, I want every form in the site to add a hidden_field, basically I want them to always submit the I18n.locale, I''ve tried to alias form_tag_html method of ActionView::Helpers::FormTagHelper like this: # in #{MY_APP_ROOT}/lib/action_view/helpers/form_tag_helper.rb module ActionView::Helpers::FormTagHelper def form_tag_html_with_locale(html_options) form =

Hi All, I get this strange problem with newly scaffolded apps - I''d really appreciate any help in this regard. /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-2.3.4/lib/ active_support/message_verifier.rb:46:in `block in secure_compare'' /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-2.3.4/lib/ active_support/message_verifier.rb:45:in `each''

I''ve been using the login generator ''out of the box'' for simple authentication, and its been working fine. Now I want to extend it by simply adding ''type_id'' field which links to my ''user_types'' table, but I''m hitting: #<ActionController::SessionRestoreError: Session contained objects where the class definition

You have a nil object when you didn''t expect it! You might have expected an instance of Array. The error occurred while evaluating nil.<< any ideas ? Application works fine with rails 2.1.0 Sandip -- Ruby on Rails Developer http://funonrails.wordpress.com www.joshsoftware.com http://brandpotion.com (Latest project released) --~--~---------~--~----~------------~-------~--~----~

Just would like to verify: Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from Rick Olson? Thanks, Wes -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

I am having a problem using the exception_logger plugin when I have protect_from_forgery enabled. Here is the line from application.rb: protect_from_forgery :secret => ''xxxx'' But I am getting: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). Now, if I remove the secret and try and

What I want to do is share the same session across many Rails applications. All of them are using Rails 2.2.2. I know that, to share the session, it''s (supposedly) just a matter of sharing the same key and secret among the apps, like this: config.action_controller.session = { :session_key => ''_apps_session'', :secret =>

I try to use db-session with protect_from_forgery. But I always get a error msg: ActionController::InvalidAuthenticityToken. application_controller.rb protect_from_forgery #:secret => ''top_secret'' session_store.rb ActionController::Base.session_store = :active_record_store hope you can help me. Best regards -- Posted via http://www.ruby-forum.com/.

Should this be working in development mode? For some reason it doesn''t. regards, John

I am a newbie to Rails, coming from a PHP shop, so please excuse my ignorance. I have to applications. A Codeigniter PHP app and a Rails 3.0 app. The rails app makes paypal api calls and the php app makes curl post calls to the rails app with information from a shopping cart. How can I make this work with protect_from_forgery? I basically want to pass my own auth token from the php app (or any

Please, Can anyone help me to execute this query? SELECT * FROM table WHERE customer_id IN (SELECT IF(1 <> 2,''SELECT customer_id FROM customers'',''SELECT customer_id FROM company'')) Regards... -- Posted via http://www.ruby-forum.com/.

Maybe I am grasping the full usage of this protect_from_forgery function, but it does not seem to work for me. Imagine the following: A simple website with a user that needs to log in to do certain stuff and a closed off admin section that only certain users can access that have the is_admin field set to true. So to be clear, my User model has a login, password and is_admin. When displaying the