Web Images Videos Maps News Shopping Google Mail more »
Recently Visited Groups | Help | Sign in
Google Groups Home
Low Pro
Home
+ new post
Pages
Files
About this group
Join this group
Message from discussion Adding a delete confirmation
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Follow-up To:
Add Cc | Add Follow-up to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers that you hear
 
KJoyner  
View profile   Translate to Translated (View Original)
 More options 25 Jan 2008, 07:20
From: KJoyner <K...@kjoyner.com>
Date: Thu, 24 Jan 2008 23:20:26 -0800 (PST)
Local: Fri 25 Jan 2008 07:20
Subject: Re: Adding a delete confirmation
Reply to author | Forward | Print | View thread | Show original | Report this message | Find messages by this author
I have added the following that now works, except for the reload which
does not appear to be working as I intended. For completeness, I have
included my updated delete method.

var AJ =
{
  encode_authenticity_token:function( token )
  {
      return encodeURIComponent( $(token).value )
  },

  authenticity_token_query_parameter_for_page:function()
  {
      return 'authenticity_token=' + AJ.encode_authenticity_token(
        document.body.select( 'input[ name = "authenticity_token" ]' )
[ 0 ] )
  }

}

Remote.Delete = Behavior.create( Remote.Base,
{
  onclick: function( event )
  {
      if ( confirm( 'Are you sure?' ) )
      {
        var options =
        {
            url:        this.element.href.gsub( '/delete$', '' ),
            method:     'delete',
            parameters:
AJ.authenticity_token_query_parameter_for_page()
        };
        options = Object.extend( options, this.options );

        this._makeRequest( options );
        Event.addBehavior.reload();
      }
      return false;
  }

});

  def destroy
    item = Item.find( params[ :id ] )
    item.destroy

    respond_to do |wants|
      wants.html do
        redirect_to item_path
      end
      wants.js do
          @items = Item.find(:all)
          render
      end
    end
  end

On 24 Jan, 23:05, Jarkko Laine <jar...@jlaine.net> wrote:

> On 25.1.2008, at 8.05, KJoyner wrote:

> > Jarkko is correct, I am trying to create both an accessible link (when
> > Javascript is disabled) and an AJAX request when java is enabled.

> > After reading your post, I just thought to check my log to see if it
> > showed anything. It does route but shows an
> > ActionController::InvalidAuthenticityToken during a call to
> > request_forgery_protection.

> This is the new csrf killer in action :-)

> You must pass the authenticity token to the link somehow (seehttp://edgedocs.planetargon.org/classes/ActionController/RequestForge...)
> . You could for example set a header for it in the controller and then
> set the form parameter in your behaviour according to that header.

> Seehttp://edgedocs.planetargon.org/classes/ActionView/Helpers/UrlHelper....
>   (click "Source") for how the Rails JS helpers populate the token in
> link_to_remote.

> --
> Jarkko Lainehttp://jlaine.nethttp://dotherightthing.comhttp://www.railsecommerce....


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message, you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google