I have an app that I am working on and what I did was added a set of
filters on the index page that allows me to use Ajax to filter the
result set. The filters pass through to the controller index method.
That works beautifully however I ran into a cross site scripting error
with pagination.
I added protect_from_forgery unless: -> { request.format.js? }
however my js file that renders the partial now comes back as plain text
instead of HTML.
Here is the line in my index.js.erb that renders the partial…
$("#training_listing").empty().html("<%= j render “listing” %>");
If I take out the protect_from_forgery and I click on the next page for
pagination it gives me the cross site scripting error. If I put it in I
get the text rendering if I click on the next page.
Scratching my head as I am not sure how to get around this.
Anyone have any insight?
I’ll send along anything you might need to see. Didn’t want to clutter
the message with unneeded files…
John