This project is archived and is in readonly mode.
rails 3.0.5 problem with csrf_meta_tag
Reported by rdinca | March 24th, 2011 @ 05:03 PM
I updated the bundle and after that, an update action of mine
stopped working properly. There was no error in the logs (but
nothing was updated), and when I tried to access another page
(html), I was automatically logged out. So I searched with
Firebug, and saw a 401 error, Unauthorized access or so, so I tried
skip_before_filter :verify_authenticity_token, :only => "update"
and things worked again. Now I reverted to 3.0.3 and it works without skipping the filter, so something must have happened in the transition from 3.0.3 to 3.0.5 with csrf_meta_tag, probably not being sent properly or something!
Comments and changes to this ticket
- State changed from new to needs-more-info
- Importance changed from to Low
Are you using ajax requests? Is it possible that you're being affected by this change: http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ru...
You don't mention what you're using for authentication - if you're using devise then you need to update to at least 1.1.6 to take account of the change in 3.0.4:
Yes, I am using Ajax requests... and that change might have affected me, but I used rake rails:update command and now I am getting an error in rails.js.
Uncaught TypeError: Object # has no method 'on'
(anonymous function)rails.js:128 (anonymous function)
And indeed, I do use devise for authentication, but 1.2rc2 ... so > 1.1.6.
I also add that I am using jQuery, so the new error might be related to not having the proper rails.js ... but where do I get the one for jQuery from, if there is one for 3.0.5?
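Added example, not part of the ticket and not the Rails or jquery-ujs code: a sketch of what an Ajax client has to do since Rails 3.0.4, namely copy the token rendered by csrf_meta_tag into the X-CSRF-Token header of every non-GET, same-origin request. The function names, the fake document and the token value are constructed for illustration.

```javascript
// Read the token that csrf_meta_tag renders as <meta name="csrf-token" content="...">.
function csrfTokenFromMeta(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  const token = meta && meta.getAttribute('content');
  return token ? token : null;
}

// Return a copy of the request options with X-CSRF-Token set where Rails will check it.
// pageOrigin is the origin of the page that issues the request (assumed known to the caller).
function withCsrfHeader(request, doc, pageOrigin) {
  const method = (request.method || 'GET').toUpperCase();
  const headers = Object.assign({}, request.headers);
  const out = Object.assign({}, request, { method, headers });

  // GET requests are not subject to verify_authenticity_token.
  if (method === 'GET') return out;

  // Never attach the token to a request for another origin: it would leak the secret.
  const target = new URL(request.url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) return out;

  const token = csrfTokenFromMeta(doc);
  if (token === null) {
    // Fail loudly here instead of letting the server silently reject the request.
    throw new Error('csrf-token meta tag missing: is csrf_meta_tag in the layout?');
  }
  headers['X-CSRF-Token'] = token;
  return out;
}

// Constructed stand-in for the browser document, so the example runs outside a browser.
function fakeDocument(metas) {
  return {
    querySelector(selector) {
      const m = /^meta\[name="([^"]+)"\]$/.exec(selector);
      if (!m || !(m[1] in metas)) return null;
      const content = metas[m[1]];
      return { getAttribute: (attr) => (attr === 'content' ? content : null) };
    },
  };
}
```

In a browser, pass `document` and `window.location.origin` instead of the fake document, and hand the returned headers to the Ajax call.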
Tickets have moved to Github
The new ticket tracker is available at https://github.com/rails/rails/issues