Go to Google Groups Home    Low Pro
Re: Adding a delete confirmation

KJoyner <k...@kjoyner.com>

I have added the following that now works, except for the reload which
does not appear to be working as I intended. For completeness, I have
included my updated delete method.

var AJ =
{
  encode_authenticity_token:function( token )
  {
      return encodeURIComponent( $(token).value )
  },

  authenticity_token_query_parameter_for_page:function()
  {
      return 'authenticity_token=' + AJ.encode_authenticity_token(
        document.body.select( 'input[ name = "authenticity_token" ]' )
[ 0 ] )
  }

}

Remote.Delete = Behavior.create( Remote.Base,
{
  onclick: function( event )
  {
      if ( confirm( 'Are you sure?' ) )
      {
        var options =
        {
            url:        this.element.href.gsub( '/delete$', '' ),
            method:     'delete',
            parameters:
AJ.authenticity_token_query_parameter_for_page()
        };
        options = Object.extend( options, this.options );

        this._makeRequest( options );
        Event.addBehavior.reload();
      }
      return false;
  }

});

  def destroy
    item = Item.find( params[ :id ] )
    item.destroy

    respond_to do |wants|
      wants.html do
        redirect_to item_path
      end
      wants.js do
          @items = Item.find(:all)
          render
      end
    end
  end

On 24 Jan, 23:05, Jarkko Laine <jar...@jlaine.net> wrote:

> On 25.1.2008, at 8.05, KJoyner wrote:

> > Jarkko is correct, I am trying to create both an accessible link (when
> > Javascript is disabled) and an AJAX request when java is enabled.

> > After reading your post, I just thought to check my log to see if it
> > showed anything. It does route but shows an
> > ActionController::InvalidAuthenticityToken during a call to
> > request_forgery_protection.

> This is the new csrf killer in action :-)

> You must pass the authenticity token to the link somehow (seehttp://edgedocs.planetargon.org/classes/ActionController/RequestForge...)
> . You could for example set a header for it in the controller and then
> set the form parameter in your behaviour according to that header.

> Seehttp://edgedocs.planetargon.org/classes/ActionView/Helpers/UrlHelper....
>   (click "Source") for how the Rails JS helpers populate the token in
> link_to_remote.

> --
> Jarkko Lainehttp://jlaine.nethttp://dotherightthing.comhttp://www.railsecommerce....