Message from discussion
Adding a delete confirmation
MIME-Version: 1.0
Message-ID: <58bb3c54-3fbf-4539-bdb2-575d605b1b45@i12g2000prf.googlegroups.com>
Date: Thu, 24 Jan 2008 23:20:26 -0800 (PST)
Received: by 10.151.8.8 with SMTP id l8mr3644ybi.17.1201245626811; Thu, 24 Jan
2008 23:20:26 -0800 (PST)
In-Reply-To: <80968BCD-78C8-4F54-88AB-C1261FB83545@jlaine.net>
X-IP: 71.139.188.142
References: <8ced4378-7ea2-43f2-9ac8-05b4ad3ea287@x69g2000hsx.googlegroups.com>
<f58d8dcb0801241734l66d81ad2t5db054dc198bb089@mail.gmail.com>
<B8AC67E0-9EE3-4543-A8F3-E941CDB8B978@jlaine.net> <36189a9b-c116-48e2-bc48-a01bd2d24ae1@d70g2000hsb.googlegroups.com>
<80968BCD-78C8-4F54-88AB-C1261FB83545@jlaine.net>
User-Agent: G2/1.0
X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11)
Gecko/20071127 Firefox/2.0.0.11,gzip(gfe),gzip(gfe)
Subject: Re: Adding a delete confirmation
From: KJoyner <K...@kjoyner.com>
To: Low Pro <low-pro@googlegroups.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
I have added the following that now works, except for the reload which
does not appear to be working as I intended. For completeness, I have
included my updated delete method.
var AJ =
{
encode_authenticity_token:function( token )
{
return encodeURIComponent( $(token).value )
},
authenticity_token_query_parameter_for_page:function()
{
return 'authenticity_token=' + AJ.encode_authenticity_token(
document.body.select( 'input[ name = "authenticity_token" ]' )
[ 0 ] )
}
}
Remote.Delete = Behavior.create( Remote.Base,
{
onclick: function( event )
{
if ( confirm( 'Are you sure?' ) )
{
var options =
{
url: this.element.href.gsub( '/delete$', '' ),
method: 'delete',
parameters:
AJ.authenticity_token_query_parameter_for_page()
};
options = Object.extend( options, this.options );
this._makeRequest( options );
Event.addBehavior.reload();
}
return false;
}
});
def destroy
item = Item.find( params[ :id ] )
item.destroy
respond_to do |wants|
wants.html do
redirect_to item_path
end
wants.js do
@items = Item.find(:all)
render
end
end
end
On 24 Jan, 23:05, Jarkko Laine <jar...@jlaine.net> wrote:
> On 25.1.2008, at 8.05, KJoyner wrote:
>
>
>
> > Jarkko is correct, I am trying to create both an accessible link (when
> > Javascript is disabled) and an AJAX request when java is enabled.
>
> > After reading your post, I just thought to check my log to see if it
> > showed anything. It does route but shows an
> > ActionController::InvalidAuthenticityToken during a call to
> > request_forgery_protection.
>
> This is the new csrf killer in action :-)
>
> You must pass the authenticity token to the link somehow (seehttp://edgedocs.planetargon.org/classes/ActionController/RequestForge...)
> . You could for example set a header for it in the controller and then
> set the form parameter in your behaviour according to that header.
>
> Seehttp://edgedocs.planetargon.org/classes/ActionView/Helpers/UrlHelper....
> (click "Source") for how the Rails JS helpers populate the token in
> link_to_remote.
>
> --
|
