ActiveResource and InvalidAuthenticityToken exception

Rails
1

Hi,

I have a Rails 2.1.1 web app, and a Rails 2.1.1 app acting as a client
by using ActiveResource.

From the client, I can find, create, and update resources owned by the
web app.

However, I can not delete any. Calling the .destroy method in
ActiveResource generates a 422 from the web app.

Not sure why this would be the case, since I thought
protect_from_forgery only protects HTML and JS requests.

Any idea if this is a bug in ActiveResource that I should dig into, or
is this actually by design and I’m not understanding something about
how to achieve deletes via ActiveResource?

Thanks!
Jeff

2

Jeff C. wrote:

Hi,

I have a Rails 2.1.1 web app, and a Rails 2.1.1 app acting as a client
by using ActiveResource.

From the client, I can find, create, and update resources owned by the
web app.

However, I can not delete any. Calling the .destroy method in
ActiveResource generates a 422 from the web app.

Not sure why this would be the case, since I thought
protect_from_forgery only protects HTML and JS requests.

Any idea if this is a bug in ActiveResource that I should dig into, or
is this actually by design and I’m not understanding something about
how to achieve deletes via ActiveResource?

Thanks!
Jeff

Seeing the same thing, using edge on the client and an older snapshot of
edge on the server. Going to see if updating the server resolves the
issue tonight.

3

On Sep 29, 12:15 pm, Mike V. [email protected]
wrote:

Seeing the same thing, using edge on the client and an older snapshot of
edge on the server. Going to see if updating the server resolves the
issue tonight.

Posted viahttp://www.ruby-forum.com/.

Glad to know it’s not just me. I suspect this is a bug somewhere.

Jeff

4

Check my answer on
ruby on rails - How Do I Authenticate to ActiveResource to Avoid the InvalidAuthenticityToken Response? - Stack Overflow.
It is not a perfect solution but does provide a workaround.

5

Mike V. wrote:

Jeff C. wrote:

Hi,

I have a Rails 2.1.1 web app, and a Rails 2.1.1 app acting as a client
by using ActiveResource.

From the client, I can find, create, and update resources owned by the
web app.

However, I can not delete any. Calling the .destroy method in
ActiveResource generates a 422 from the web app.

Not sure why this would be the case, since I thought
protect_from_forgery only protects HTML and JS requests.

Any idea if this is a bug in ActiveResource that I should dig into, or
is this actually by design and I’m not understanding something about
how to achieve deletes via ActiveResource?

Thanks!
Jeff

Seeing the same thing, using edge on the client and an older snapshot of
edge on the server. Going to see if updating the server resolves the
issue tonight.

Issue persists with latest edge on client/server. :frowning:

I see there’s a ticket now, too.

http://rails.lighthouseapp.com/projects/8994/tickets/1145-bug-invalidauthenticitytoken-incorrectly-raised-for-xml-controllerdestroy-request