Message from discussion
Adding a delete confirmation
Received: by 10.35.126.2 with SMTP id d2mr389669pyn.1.1201244725093;
Thu, 24 Jan 2008 23:05:25 -0800 (PST)
Return-Path: <jarks...@gmail.com>
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.153])
by mx.google.com with ESMTP id z53si2036121pyg.1.2008.01.24.23.05.24;
Thu, 24 Jan 2008 23:05:25 -0800 (PST)
Received-SPF: pass (google.com: domain of jarks...@gmail.com designates 72.14.220.153 as permitted sender) client-ip=72.14.220.153;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of jarks...@gmail.com designates 72.14.220.153 as permitted sender) smtp.mail=jarks...@gmail.com; dkim=pass (test mode) header...@gmail.com
Received: by fg-out-1718.google.com with SMTP id e12so492359fga.5
for <low-pro@googlegroups.com>; Thu, 24 Jan 2008 23:05:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:message-id:from:to:in-reply-to:content-type:content-transfer-encoding:mime-version:subject:date:references:x-mailer:sender;
bh=VeAndd4Q9VSYy38auQeSGTDKR5kb7Jsj8Z6yIjX1Kjo=;
b=Oa9bVJMOlA19G+HZr55kdoVzD89ME+PAa/Q8NvL/SiZhscX24HWWrhic18fKE//aVSMEMFrae5fP1WEgnhyRqTe5SmBAwAVNbRZNO5Apkf4jrXQrtnFlohhCH2f9vrargb7QhLcuW0IxIMwuaVi0iACaMOG2Kf8wsMV3oRzqF6E=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=message-id:from:to:in-reply-to:content-type:content-transfer-encoding:mime-version:subject:date:references:x-mailer:sender;
b=WQienVdaR8q68I6FBv1/HG5Z4XakkN6LSRcV5EnipgHk+URtWHGsVpcuNTcH2OK8HTHQXbB82RNNe0KmuQ6Ty4E3nuYNlm1nhmPZauD8DAu+ZAIDhPlwGQC5LFFII4BIPs1tVSYJFcSOXeht3YMh/y5Py3ZW4XHKAP25PBCgsKA=
Received: by 10.78.170.6 with SMTP id s6mr2174545hue.50.1201244723466;
Thu, 24 Jan 2008 23:05:23 -0800 (PST)
Return-Path: <jarks...@gmail.com>
Received: from Probutanol.lan ( [91.153.207.11])
by mx.google.com with ESMTPS id d24sm1362448nfh.19.2008.01.24.23.05.22
(version=TLSv1/SSLv3 cipher=OTHER);
Thu, 24 Jan 2008 23:05:22 -0800 (PST)
Message-Id: <80968BCD-78C8-4F54-88AB-C1261FB83...@jlaine.net>
From: Jarkko Laine <jar...@jlaine.net>
To: low-pro@googlegroups.com
In-Reply-To: <36189a9b-c116-48e2-bc48-a01bd2d24...@d70g2000hsb.googlegroups.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v915)
Subject: Re: Adding a delete confirmation
Date: Fri, 25 Jan 2008 09:05:20 +0200
References: <8ced4378-7ea2-43f2-9ac8-05b4ad3ea...@x69g2000hsx.googlegroups.com> <f58d8dcb0801241734l66d81ad2t5db054dc198bb...@mail.gmail.com> <B8AC67E0-9EE3-4543-A8F3-E941CDB8B...@jlaine.net> <36189a9b-c116-48e2-bc48-a01bd2d24...@d70g2000hsb.googlegroups.com>
X-Mailer: Apple Mail (2.915)
Sender: Jarkko Laine <jarks...@gmail.com>
On 25.1.2008, at 8.05, KJoyner wrote:
>
> Jarkko is correct, I am trying to create both an accessible link (when
> Javascript is disabled) and an AJAX request when java is enabled.
>
> After reading your post, I just thought to check my log to see if it
> showed anything. It does route but shows an
> ActionController::InvalidAuthenticityToken during a call to
> request_forgery_protection.
This is the new csrf killer in action :-)
You must pass the authenticity token to the link somehow (see http://edgedocs.planetargon.org/classes/ActionController/RequestForgeryProtection.html)
. You could for example set a header for it in the controller and then
set the form parameter in your behaviour according to that header.
See http://edgedocs.planetargon.org/classes/ActionView/Helpers/UrlHelper.html#M001908
(click "Source") for how the Rails JS helpers populate the token in
link_to_remote.
--
Jarkko Laine
http://jlaine.net
http://dotherightthing.com
http://www.railsecommerce.com
http://odesign.fi
|
