ActionController::InvalidAuthenticityToken (ActionController

milazzo · December 23, 2007, 5:22pm

having just updated to Rails 2.0 I’m getting problems with:

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):

On most of my pages it works fine, but with some of them I just get a
blank screen.

I read somewhere that this was down to the secret key defined in
environment.rb and that it was possible to just comment this part out.
But such a simple fix alas doesn’t seem to work for me.

I don’t honestly need this level of authenticity so could happily live
without it. Is there a quick fix?

Thanks to anyone who can help.

milazzo · December 23, 2007, 11:47pm

Set this in your controller class definition
protect_from_forgery :only => [:create, :update, :destroy]

On Dec 24, 2007 2:52 AM, dc dc [email protected] wrote:

environment.rb and that it was possible to just comment this part out.

–
Ryan B.

Feel free to add me to MSN and/or GTalk as this email.

milazzo · March 20, 2008, 3:14pm

Hi guys,

What I do is that I allow the creation of a comment from a mobile device
using XML sending:

<?xml version="1.0" encoding="UTF-8"?> Comment from curl

To http://user1:[email protected].:3000/programs/1/comments

So I used protect_from_forgery :only => [:update, :destroy] to be able
to access the :create

But now it is open. As you can see in the request I put the username and
password so the comment can be created.

How should I do this in a secure way? Both regarding the
protect_from_forgery and the username and password transfer?

Thanks!

milazzo · April 9, 2008, 6:41pm

The protect_from_forgery :only => [:create, :update, :destroy] is
exactly what i needed to make my auto_complete work. Thanks alot

milazzo · April 19, 2008, 10:47am

could you try to include prototype in your layout? It’s work for me