Hi,
I can’t get in_place_edit to work in rails 2.0
when updating, it always fails with the error message
ActionController::InvalidAuthenticityToken
I have the following code in my controller:
class ArticlesController < ApplicationController
in_place_edit_for :article, :title
and in my view:
<%= in_place_editor_field “article” , “title” %>
any ideas how to fix this?
thanks,
Marc
Clear tmp/sessions and did you set a cookie_secret in the
environment.rb?
On Dec 21, 2007 7:30 AM, MarcS [email protected] wrote:
class ArticlesController < ApplicationController
–
Ryan B.
cookie_secret is set and temp/sessions is empty
but the problem is still there
any other ideas?
A backtrace on the error would be good. Find out if there’s any specific
files it points to in your application. Something’s throwing that error.
I guess the problem is the following:
When a form is being generated rails automatically adds something like
this:
The problem is that in_place_edit doesn’t seem to be adding this to
the form and therefore the InvalidAuthenticityToken is being raised.
I wonder why noone else had that problem before (at least I didn’T
find anything about it)
Any idea how to get around that?
thanks
It seems like I either have to hack prototype to make it include the
authenticity token somehow (doesn’t sound very appealing to me) or I
make rails not check the authenticity_token for that action (which I
dunno how to do and which would probably not be the best idea from a
security point of view)
No idea how to get around that, sorry.
You could try generating your own authenticity_token.
Am 20.12.2007 um 22:00 schrieb MarcS:
class ArticlesController < ApplicationController
in_place_edit_for :article, :titleand in my view:
<%= in_place_editor_field “article” , “title” %>any ideas how to fix this?
Give it a try:
http://os.flvorful.com/super_in_place_controls
–
Jochen K.
figgfrosch.de / gissmoh.de / ror-ror.de / railswerk.de
It looks like it’s just a SHA1 key.
Digest::SHA1.hexdigest(“secure”)
No idea where it defines the equivalent to “secure”.
On Dec 21, 2007 9:41 AM, Ryan B. [email protected] wrote:
No idea how to get around that, sorry.
You could try generating your own authenticity_token.
–
Ryan B.
I put the following in my controller this to make it skip the
authenticity_token check:
protect_from_forgery :only => [:create, :delete, :update]
I only have one field in this controller that uses in_place_editor, so
I put the update for that field in
it’s own method.
My only concern is the security issues, but I haven’t found another
way around this issue yet.
thanks Jochen,
any idea if this works when I list multiple resources on the same
page?
For example, I have a project which has multiple stores and multiple
products, and needs a description per product per store. So I need to
pass the controller a store id and a product id, and then find the
description which matches or, alternatively, create one if one doesn’t
exist.
From what I saw by just quickly looking at it this won’t work with my
problem
Tested workaround:
in_place_edit_for :annotation, :text
protect_from_forgery :except => [:set_annotation_text]
You can do something like this in your view to make your authenticity
token available to your javascript in your views.
<%= javascript_tag “window._token = ‘#{form_authenticity_token}’” %>
That will make your authenticity token available to your custom
javascript Ajax requests. If you’re using prototype.js and you want to
do a custom PUT, you do something like this.
new Ajax.Request (’/products/1’, {
method: ‘put’,
parameters: ‘product[name]=chair&authenticity_token=’ +
window._token});
On Apr 6, 6:58 pm, David B. [email protected]
wrote:
You can do something like this in your view to make your authenticity
Thank you for that David. I have seen several questions around this
but afik yours is the first example of exactly how to include the
token in a js call - I’ll give it a go.
Hi,
This is what I do:
I register a global javascript variable in my view let’s say:
var authenticityToken = encodeURIComponent(’<%=
form_authenticity_token %>’)
Then I use it in my custom Protoyped Ajax calls:
parameters:‘authenticity_token=’ + authenticityToken
Hope this helps.
Cya
and, to make it work in test environment (where requests forgery
protection is disabled by default),
<%= javascript_tag “window._token = ‘#{form_authenticity_token}’” if
ActionController::Base.allow_forgery_protection %>
On Apr 6, 9:58 pm, David B. [email protected]
I just tried it here:
jochen
CancelSaving…
…seems to work…
You can also use the form_authenticity_token() function do generate it.
Like :
Duc Tom wrote:
You can also use the form_authenticity_token() function do generate it.
Like :
I just wanted to say THANK YOU for posting about
form_autheticity_token()!!! Being new to ruby/rails, I’m not used to a
lot of the methods or procedures used within the framework. I was stuck
on trying to od a simple search when this saved me.
Thanks again!
-Tony
Hi
I m facing ActionController::InvalidAuthenticityToken problem.
i m trying to communicate two WEBrick Server with Different port.
I have 2 application
service is running on 3000 port no and operation is running on 4000
port no
and i m trying to get the action of 3000 port from 4000 port. but
when i
trying i m get this error . could any body help me please
Thanks in Advance
Harish
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs