Can't get in_place_edit to work in rails 2.0 => ActionController::InvalidAuthenticityToken

Hi,

I can’t get in_place_edit to work in rails 2.0
when updating, it always fails with the error message

ActionController::InvalidAuthenticityToken

I have the following code in my controller:

class ArticlesController < ApplicationController
in_place_edit_for :article, :title

and in my view:
<%= in_place_editor_field "article", "title" %>

any ideas how to fix this?

thanks,
Marc

Clear tmp/sessions and did you set a cookie_secret in the
environment.rb?

On Dec 21, 2007 7:30 AM, MarcS wrote:

class ArticlesController < ApplicationController


Ryan B.

cookie_secret is set and temp/sessions is empty
but the problem is still there

any other ideas?

A backtrace on the error would be good. Find out if there’s any specific
files it points to in your application. Something’s throwing that error.

I guess the problem is the following:

When a form is being generated rails automatically adds something like
this:

The problem is that in_place_edit doesn’t seem to be adding this to
the form and therefore the InvalidAuthenticityToken is being raised.

I wonder why no one else had that problem before (at least I didn’t
find anything about it)

Any idea how to get around that?

thanks

It seems like I either have to hack prototype to make it include the
authenticity token somehow (doesn’t sound very appealing to me) or I
make rails not check the authenticity_token for that action (which I
dunno how to do and which would probably not be the best idea from a
security point of view)

No idea how to get around that, sorry.

You could try generating your own authenticity_token.

Am 20.12.2007 um 22:00 schrieb MarcS:

class ArticlesController < ApplicationController
in_place_edit_for :article, :title

and in my view:
<%= in_place_editor_field "article", "title" %>

any ideas how to fix this?

Give it a try:

http://os.flvorful.com/super_in_place_controls


Jochen K.
figgfrosch.de / gissmoh.de / ror-ror.de / railswerk.de

It looks like it’s just a SHA1 key.

Digest::SHA1.hexdigest("secure")

http://dev.rubyonrails.org/browser/trunk/actionpack/test/controller/request_forgery_protection_test.rb?rev=7668

No idea where it defines the equivalent to “secure”.

On Dec 21, 2007 9:41 AM, Ryan B. wrote:

No idea how to get around that, sorry.

You could try generating your own authenticity_token.


Ryan B.

Give it a try:

http://os.flvorful.com/super_in_place_controls

I just tried it here:

jochen

Cancel
Spinner  Saving…


…seems to work…

I put the following in my controller to make it skip the
authenticity_token check:

protect_from_forgery :only => [:create, :delete, :update]

I only have one field in this controller that uses in_place_editor, so
I put the update for that field in its own method.

My only concern is the security issues, but I haven’t found another
way around this issue yet.

thanks Jochen,

any idea if this works when I list multiple resources on the same
page?
For example, I have a project which has multiple stores and multiple
products, and needs a description per product per store. So I need to
pass the controller a store id and a product id, and then find the
description which matches or, alternatively, create one if one doesn’t
exist.

From what I saw by just quickly looking at it this won’t work with my
problem

Tested workaround:

in_place_edit_for :annotation, :text
protect_from_forgery :except => [:set_annotation_text]
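
What the two `protect_from_forgery` workarounds quoted above change, shown as an added example that is not part of the original thread and not Rails source: `ForgeryCheck` is a hypothetical, simplified model of a per-action token check, and the session and request hashes are constructed. The action name `set_article_title` follows the `set_annotation_text` pattern from the post above.

```ruby
require 'securerandom'

# Simplified stand-in for a controller's forgery check (not Rails source).
# options mirrors the :only / :except arguments quoted in the thread.
class ForgeryCheck
  def initialize(options = {})
    @only   = options[:only]
    @except = options[:except] || []
  end

  # Is the token check applied to this action at all?
  def protected_action?(action)
    return false if @except.include?(action)
    @only.nil? || @only.include?(action)
  end

  # GET requests are not checked; other verbs must echo the session's token.
  def verified?(action, verb, session, params)
    return true if verb == :get || !protected_action?(action)
    secure_compare(session[:token].to_s, params['authenticity_token'].to_s)
  end

  private

  # Constant-time comparison so the check does not leak matching prefixes.
  def secure_compare(a, b)
    return false if a.empty? || a.bytesize != b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed session and requests modelling the in-place editor's POST.
SESSION    = { token: SecureRandom.hex(20) }
NO_TOKEN   = { 'value' => 'New title' }
WITH_TOKEN = NO_TOKEN.merge('authenticity_token' => SESSION[:token])

def outcomes(check, action)
  { without_token: check.verified?(action, :post, SESSION, NO_TOKEN),
    with_token:    check.verified?(action, :post, SESSION, WITH_TOKEN) }
end

DEFAULT  = outcomes(ForgeryCheck.new, :set_article_title)
ONLY     = outcomes(ForgeryCheck.new(only: [:create, :delete, :update]), :set_article_title)
EXCEPT   = outcomes(ForgeryCheck.new(except: [:set_annotation_text]), :set_annotation_text)
STILL_ON = outcomes(ForgeryCheck.new(except: [:set_annotation_text]), :update)

puts "default: #{DEFAULT}", "only: #{ONLY}", "except: #{EXCEPT}", "other actions: #{STILL_ON}"
```

With either workaround the in-place-edit action accepts a POST that carries no token at all, while every other state-changing action stays protected; sending the token with the Ajax request keeps the check on for that action too.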

You can do something like this in your view to make your authenticity
token available to your javascript in your views.

<%= javascript_tag "window._token = '#{form_authenticity_token}'" %>

That will make your authenticity token available to your custom
javascript Ajax requests. If you’re using prototype.js and you want to
do a custom PUT, you do something like this.

new Ajax.Request('/products/1', {
  method: 'put',
  parameters: 'product[name]=chair&authenticity_token=' + window._token
});

On Apr 6, 6:58 pm, David B. wrote:

You can do something like this in your view to make your authenticity

Thank you for that, David. I have seen several questions around this
but AFAIK yours is the first example of exactly how to include the
token in a js call - I’ll give it a go.

Hi,

This is what I do:

I register a global javascript variable in my view let’s say:
var authenticityToken = encodeURIComponent('<%= form_authenticity_token %>')

Then I use it in my custom Prototype Ajax calls:

parameters: 'authenticity_token=' + authenticityToken

Hope this helps.

Cya
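
Why the `encodeURIComponent` call in the post above matters, as an added example that is not part of the original thread: it shows the server's view of a form-encoded body when the token is concatenated raw versus percent-encoded. The sample tokens are constructed, and the Base64-style shape is an assumption (the token format depends on the Rails version and session store).

```ruby
require 'uri'

PREFIX = 'product[name]=chair&authenticity_token='

# What a form-encoded parser recovers for authenticity_token from a request body.
def token_seen_by_server(body)
  URI.decode_www_form(body).to_h['authenticity_token']
end

# Does the token arrive intact when concatenated raw, and when percent-encoded first?
# URI.encode_www_form_component stands in for the browser's encodeURIComponent here.
def delivery(token)
  { raw:     token_seen_by_server(PREFIX + token) == token,
    encoded: token_seen_by_server(PREFIX + URI.encode_www_form_component(token)) == token }
end

# Constructed sample tokens (not real session values).
HEX_TOKEN    = '9f2c4a1b7e3d5f60a8b1c2d3e4f5a6b7c8d9e0f1'
BASE64_TOKEN = 'q3+Zk/9xT0a+Lw8mN1pQ=='

puts "hex:    #{delivery(HEX_TOKEN)}"
puts "base64: #{delivery(BASE64_TOKEN)}"
puts "server sees: #{token_seen_by_server(PREFIX + BASE64_TOKEN).inspect}"
```

A hex-only token survives either way, but a token containing `+` is decoded with spaces in their place, so the comparison against the session's token fails and the request is rejected as forged.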

and, to make it work in test environment (where requests forgery
protection is disabled by default),
<%= javascript_tag "window._token = '#{form_authenticity_token}'" if ActionController::Base.allow_forgery_protection %>

On Apr 6, 9:58 pm, David B.

I just tried it here:

jochen

CancelSpinner  Saving…

…seems to work…

You can also use the form_authenticity_token() function to generate it.

Like :

Duc Tom wrote:

You can also use the form_authenticity_token() function to generate it.

Like :

I just wanted to say THANK YOU for posting about
form_authenticity_token()!!! Being new to ruby/rails, I’m not used to a
lot of the methods or procedures used within the framework. I was stuck
on trying to do a simple search when this saved me.

Thanks again!

-Tony

Hi
I’m facing an ActionController::InvalidAuthenticityToken problem.

I’m trying to get two WEBrick servers on different ports to communicate.

I have 2 applications:

  1. Service
  2. Operation

Service is running on port 3000 and Operation is running on port 4000,
and I’m trying to reach an action on port 3000 from port 4000. But when
I try, I get this error. Could anybody help me please?

Thanks in Advance
Harish