Forum: Ruby on Rails Autocomplete plugin with Rails 2.0

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
E3640176765dae2465d33ef6eb114691?d=identicon&s=25 Bala Paranj (Guest)
on 2007-10-23 10:47
(Received via mailing list)
I installed the auto_complete plugin found at
http://svn.rubyonrails.org/rails/plugins/auto_complete. When I type a
character in the autocomplete field I get the following error:

Processing EventsController#auto_complete_for_event_location (for
127.0.0.1at 2007-10-22 22:54:24) [POST]
  Session ID:
BAh7BzoMY3NyZl9pZCIlMmE3MzI5MDU4NWVjNTRjMTk1ODBjMWRiYTgzNzIz%0AYWQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%0Ac2h7AAY6CkB1c2VkewA%3D--4397ccb385b2d851c2d39ad5e79fc587433843fc
  Parameters: {"event"=>{"location"=>"m"},
"action"=>"auto_complete_for_event_location",
"controller"=>"admin/events"}


ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/request_forgery_protection.rb:73:in
`verify_authenticity_token'
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in
`send'
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in
`call'
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:442:in
`run'
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:713:in
`run_before_filters'
    /usr/local/lib/ruby/

I changed the routes to include the auto_complete_for_event_location as
a
collection.

map.namespace(:admin) do |admin|
    admin.resources :events,
      :collection => { :load => :get },
      :collection => { :auto_complete_for_event_location => :get}
  end

The controller is protected by http authentication. Any ideas on why
this is
failing? TIA.
81b61875e41eaa58887543635d556fca?d=identicon&s=25 Frederick Cheung (Guest)
on 2007-10-23 12:16
(Received via mailing list)
On 23 Oct 2007, at 07:00, Bala Paranj wrote:

>   Parameters: {"event"=>{"location"=>"m"},
> action_controller/filters.rb:469:in `send'
>
It's the crsf protection. You either need to get the autocomplete to
include the token, or make it use a get request instead of a post.

Fred
81b61875e41eaa58887543635d556fca?d=identicon&s=25 Frederick Cheung (Guest)
on 2007-10-23 12:19
(Received via mailing list)
Oh and of course you can turn of forgery protection for a controller/
action with protect_from_forgery, eg
protect_from_forgery :only => [:foo, :bar] (see http://ryandaigle.com/
articles/2007/9/24/what-s-new-in-edge-rails-better-cross-site-request-
forging-prevention)

Fred
E3513c4edd6810bb4b9914b58da2a2c3?d=identicon&s=25 Jamal Soueidan (jamal)
on 2007-11-09 17:56
I have the same error, how do I disable this feature?
9cd154bd87385c597d95250177e5bca6?d=identicon&s=25 Eric Pugh (Guest)
on 2007-11-22 05:54
(Received via mailing list)
I tried out adding the exclude line:

    protect_from_forgery :only => [:tag]

However, it seems ugly that I have to add each method manually.  I
tried

    protect_from_forgery :exclude => [:auto_complete_for_tag_name]

but that didn't work.  Is this oddness a) a bug or b) just something
the docs for the plugin should discuss?
6993ac399097c0bb896fa9a250f35dcf?d=identicon&s=25 Adrián De la Cruz (Guest)
on 2007-12-13 14:32
(Received via mailing list)
How can you manually set the token generated by Rails?


This is because I want to use this security feature, but I want to
craft my own forms, or I need to make some POST requests and I need to
set the token manually in the client :S

Thanks in advance.
81b61875e41eaa58887543635d556fca?d=identicon&s=25 Frederick Cheung (Guest)
on 2007-12-13 14:51
(Received via mailing list)
On 13 Dec 2007, at 13:31, Adrián De la Cruz wrote:

>
> How can you manually set the token generated by Rails?
>
I don't think you can, but you can get its value
The helpful snippet is this bit of code from the rails view helpers:

def token_tag
   unless protect_against_forgery?
    ''
   else
     tag(:input, :type => "hidden", :name =>
request_forgery_protection_token.to_s, :value =>
form_authenticity_token)
   end
end

Fred
6993ac399097c0bb896fa9a250f35dcf?d=identicon&s=25 Adrián De la Cruz (Guest)
on 2007-12-13 14:56
(Received via mailing list)
Thanks for taking the time to help us ;)
36a8a3fcf6674b002979bc2f2fd49461?d=identicon&s=25 Elad Roz (e-roz)
on 2008-01-10 14:18
Attachment: auto_complete_macros_helper.rb (8 KB)
Hi,
I've encountered the same problem and wasted hours on it (i'm new to
rails...)

I tinkered a bit with the auto_complete plug-in source, adding the
authenticity token to the parameteres sent by auto_complete_field in the
same way that
prototype_helper does it.
Here's a partial source of the updated method in the file:
\vendor\plugins\auto_complete\lib\auto_complete_macros_helper.rb.
The updated file is attached

def auto_complete_field(field_id, options = {})

    ... skip to about line 75:
    js_options[v] = options[k] if options[k]
    end

    # MY CHANGE - add the authenticity token with exactly the same code
    # from the prototype_helper:
    if protect_against_forgery?
          if js_options['parameters']
            js_options['parameters'] << " + '&"
          else
            js_options['parameters'] = "'"
          end
          js_options['parameters'] <<
"#{request_forgery_protection_token}=' +
encodeURIComponent('#{escape_javascript form_authenticity_token}')"
    end
    # END MY CHANGE

    function << (', ' + options_for_javascript(js_options) + ')')

    javascript_tag(function)
  end
D11896edfd88133795db017c0ab596db?d=identicon&s=25 Ricardo Gutiérrez (kyeeh)
on 2008-09-06 08:52
Bala Paranj wrote:
> I installed the auto_complete plugin found at
> http://svn.rubyonrails.org/rails/plugins/auto_complete. When I type a
> character in the autocomplete field I get the following error:
>
> Processing EventsController#auto_complete_for_event_location (for
> 127.0.0.1at 2007-10-22 22:54:24) [POST]
>   Session ID:
> 
BAh7BzoMY3NyZl9pZCIlMmE3MzI5MDU4NWVjNTRjMTk1ODBjMWRiYTgzNzIz%0AYWQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%0Ac2h7AAY6CkB1c2VkewA%3D--4397ccb385b2d851c2d39ad5e79fc587433843fc
>   Parameters: {"event"=>{"location"=>"m"},
> "action"=>"auto_complete_for_event_location",
> "controller"=>"admin/events"}
>
>
> ActionController::InvalidAuthenticityToken
> (ActionController::InvalidAuthenticityToken):
> 
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/request_forgery_protection.rb:73:in
> `verify_authenticity_token'
> 
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in
> `send'
> 
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in
> `call'
> 
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:442:in
> `run'
> 
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:713:in
> `run_before_filters'
>     /usr/local/lib/ruby/
>
> I changed the routes to include the auto_complete_for_event_location as
> a
> collection.
>
> map.namespace(:admin) do |admin|
>     admin.resources :events,
>       :collection => { :load => :get },
>       :collection => { :auto_complete_for_event_location => :get}
>   end
>
> The controller is protected by http authentication. Any ideas on why
> this is
> failing? TIA.

Hi!

Can you showme your "routes.rb"?

I have so many problems to configure my routes with namespaces. I have
the following error:
 Parameters: {"action"=>"usuarios", "persona"=>{"nombre"=>"Gre"},
"id"=>"auto_complete_for_persona_nombre", "controller"=>"admin"}

When my controller is "admin/usuarios"

My routes are:

ActionController::Routing::Routes.draw do |map|
  map.resources :telefonos
  map.resources :direcciones
  map.resources :usuarios
  map.resources :perfiles
  map.resources :personas

  map.namespace(:admin) do |admin|
    admin.resources :usuarios,
      :collection => { :load => :get },
      :collection => { :auto_complete_for_persona_nombre => :get}

    admin.resources :personas,
    admin.resources :perfiles
  end

  map.root :controller => "sesion"

  map.connect ':controller/:action/:id'
  map.connect ':controller/:action/:id.:format'
end
A39043a950434cb588e0b25c4c7d1dec?d=identicon&s=25 Gerrit Lewedag (lewedag)
on 2009-02-06 15:00
Eric Pugh wrote:
> I tried out adding the exclude line:
>
>     protect_from_forgery :only => [:tag]
>
> However, it seems ugly that I have to add each method manually.  I
> tried
>
>     protect_from_forgery :exclude => [:auto_complete_for_tag_name]
>
> but that didn't work.  Is this oddness a) a bug or b) just something
> the docs for the plugin should discuss?

use :except instead of :exclude

=> protect_from_forgery :except => [:auto_complete_for_tag_name]
A39043a950434cb588e0b25c4c7d1dec?d=identicon&s=25 Gerrit Lewedag (lewedag)
on 2009-02-06 15:02
> use :except instead of :exclude
>
> => protect_from_forgery :except => [:auto_complete_for_tag_name]

http://api.rubyonrails.org/classes/ActionControlle...
853680e053ac9a3d23aa22d0df35660d?d=identicon&s=25 Ferit Öztosun (ferro_i)
on 2009-02-07 13:21
Tanks Elad Roz

Attachment: auto_complete_macros_helper.rb (7,6 KB)

your attachment it s work perfectly
This topic is locked and can not be replied to.