I installed the auto_complete plugin found at http://svn.rubyonrails.org/rails/plugins/auto_complete. When I type a character in the autocomplete field I get the following error:

Processing EventsController#auto_complete_for_event_location (for 127.0.0.1at 2007-10-22 22:54:24) [POST]
Session ID: BAh7BzoMY3NyZl9pZCIlMmE3MzI5MDU4NWVjNTRjMTk1ODBjMWRiYTgzNzIz%0AYWQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%0Ac2h7AAY6CkB1c2VkewA%3D--4397ccb385b2d851c2d39ad5e79fc587433843fc
Parameters: {"event"=>{"location"=>"m"}, "action"=>"auto_complete_for_event_location", "controller"=>"admin/events"}

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/request_forgery_protection.rb:73:in `verify_authenticity_token'
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in `send'
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in `call'
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:442:in `run'
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:713:in `run_before_filters'
/usr/local/lib/ruby/

I changed the routes to include the auto_complete_for_event_location as a collection.

map.namespace(:admin) do |admin|
  admin.resources :events,
    :collection => { :load => :get },
    :collection => { :auto_complete_for_event_location => :get}
end

The controller is protected by http authentication. Any ideas on why this is failing? TIA.
on 23.10.2007 10:47
on 23.10.2007 12:16
On 23 Oct 2007, at 07:00, Bala Paranj wrote:
> Parameters: {"event"=>{"location"=>"m"},
> action_controller/filters.rb:469:in `send'
>
It's the CSRF protection. You either need to get the autocomplete to include the token, or make it use a get request instead of a post.

Fred
on 23.10.2007 12:19
Oh and of course you can turn off forgery protection for a controller/action with protect_from_forgery, e.g.

protect_from_forgery :only => [:foo, :bar]

(see http://ryandaigle.com/articles/2007/9/24/what-s-new-in-edge-rails-better-cross-site-request-forging-prevention)

Fred
on 09.11.2007 17:56
I have the same error, how do I disable this feature?
on 22.11.2007 05:54
I tried out adding the exclude line:
protect_from_forgery :only => [:tag]
However, it seems ugly that I have to add each method manually. I
tried
protect_from_forgery :exclude => [:auto_complete_for_tag_name]
but that didn't work. Is this oddness a) a bug or b) just something
the docs for the plugin should discuss?
on 13.12.2007 14:32
How can you manually set the token generated by Rails? This is because I want to use this security feature, but I want to craft my own forms, or I need to make some POST requests and I need to set the token manually in the client :S Thanks in advance.
on 13.12.2007 14:51
On 13 Dec 2007, at 13:31, Adrián De la Cruz wrote:
>
> How can you manually set the token generated by Rails?
>
I don't think you can, but you can get its value. The helpful snippet is this bit of code from the rails view helpers:

def token_tag
  unless protect_against_forgery?
    ''
  else
    tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token)
  end
end

Fred
on 13.12.2007 14:56
Thanks for taking the time to help us ;)
on 10.01.2008 14:18
Hi,
I've encountered the same problem and wasted hours on it (I'm new to
rails...)
I tinkered a bit with the auto_complete plug-in source, adding the
authenticity token to the parameters sent by auto_complete_field in the
same way that
prototype_helper does it.
Here's a partial source of the updated method in the file:
\vendor\plugins\auto_complete\lib\auto_complete_macros_helper.rb.
The updated file is attached
def auto_complete_field(field_id, options = {})
  # ... skip to about line 75:
    js_options[v] = options[k] if options[k]
  end
  # MY CHANGE - add the authenticity token with exactly the same code
  # from the prototype_helper:
  if protect_against_forgery?
    if js_options['parameters']
      js_options['parameters'] << " + '&"
    else
      js_options['parameters'] = "'"
    end
    # Keep this string on one line: a line break inside it would end up in the generated JavaScript.
    js_options['parameters'] << "#{request_forgery_protection_token}=' + encodeURIComponent('#{escape_javascript form_authenticity_token}')"
  end
  # END MY CHANGE
  function << (', ' + options_for_javascript(js_options) + ')')
  javascript_tag(function)
end
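A simplified model of the check that raises InvalidAuthenticityToken in this thread, added here as an example (it is not Rails source and not code from any poster). ForgeryGuard, token_for, ajax_parameters and the :csrf_token session key are hypothetical names; the model shows why the token-less POST is rejected, why a GET passes, and what the :only/:except options and the appended token change.

```ruby
require 'securerandom'
require 'uri'

# Hypothetical stand-in for ActionController::InvalidAuthenticityToken.
class InvalidAuthenticityToken < StandardError; end

# Simplified model of a protect_from_forgery-style filter (assumed names).
class ForgeryGuard
  TOKEN_PARAM = 'authenticity_token'

  # only:/except: restrict which actions the filter runs for.
  def initialize(only: nil, except: [])
    @only = only&.map(&:to_s)
    @except = except.map(&:to_s)
  end

  # One random token per session, kept server-side in the session hash.
  def token_for(session)
    session[:csrf_token] ||= SecureRandom.hex(20)
  end

  def protects?(action)
    return false if @except.include?(action.to_s)
    @only.nil? || @only.include?(action.to_s)
  end

  # GET is treated as read-only and passes; any other verb must echo the token.
  def verify!(action, http_method, params, session)
    return true unless protects?(action)
    return true if http_method == :get
    sent = params[TOKEN_PARAM].to_s
    raise InvalidAuthenticityToken unless secure_compare(sent, token_for(session))
    true
  end

  # What a patched helper appends to the Ajax parameters, URL-encoded.
  def ajax_parameters(base, session)
    "#{base}&#{TOKEN_PARAM}=#{URI.encode_www_form_component(token_for(session))}"
  end

  private

  # Constant-time comparison (a hardening choice of this example).
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

Excluding the autocomplete action from the check, or serving it over GET, is only reasonable while that action stays read-only.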
on 06.09.2008 08:52
Bala Paranj wrote:
> I installed the auto_complete plugin found at
> http://svn.rubyonrails.org/rails/plugins/auto_complete. When I type a
> character in the autocomplete field I get the following error:
>
> Processing EventsController#auto_complete_for_event_location (for
> 127.0.0.1at 2007-10-22 22:54:24) [POST]
> Session ID:
> BAh7BzoMY3NyZl9pZCIlMmE3MzI5MDU4NWVjNTRjMTk1ODBjMWRiYTgzNzIz%0AYWQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%0Ac2h7AAY6CkB1c2VkewA%3D--4397ccb385b2d851c2d39ad5e79fc587433843fc
> Parameters: {"event"=>{"location"=>"m"},
> "action"=>"auto_complete_for_event_location",
> "controller"=>"admin/events"}
>
>
> ActionController::InvalidAuthenticityToken
> (ActionController::InvalidAuthenticityToken):
> /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/request_forgery_protection.rb:73:in
> `verify_authenticity_token'
> /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in
> `send'
> /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in
> `call'
> /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:442:in
> `run'
> /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:713:in
> `run_before_filters'
> /usr/local/lib/ruby/
>
> I changed the routes to include the auto_complete_for_event_location as
> a
> collection.
>
> map.namespace(:admin) do |admin|
> admin.resources :events,
> :collection => { :load => :get },
> :collection => { :auto_complete_for_event_location => :get}
> end
>
> The controller is protected by http authentication. Any ideas on why
> this is
> failing? TIA.

Hi! Can you show me your "routes.rb"? I have so many problems configuring my routes with namespaces.
I have the following error:

Parameters: {"action"=>"usuarios", "persona"=>{"nombre"=>"Gre"}, "id"=>"auto_complete_for_persona_nombre", "controller"=>"admin"}

When my controller is "admin/usuarios"

My routes are:

ActionController::Routing::Routes.draw do |map|
  map.resources :telefonos
  map.resources :direcciones
  map.resources :usuarios
  map.resources :perfiles
  map.resources :personas
  map.namespace(:admin) do |admin|
    admin.resources :usuarios,
      :collection => { :load => :get },
      :collection => { :auto_complete_for_persona_nombre => :get}
    admin.resources :personas,
    admin.resources :perfiles
  end
  map.root :controller => "sesion"
  map.connect ':controller/:action/:id'
  map.connect ':controller/:action/:id.:format'
end