authenticity-token

Rails refuses to load a session from the data sent by swfupload

I'm using swfupload's most recent version, 2.2.0 and rails 2.3.3. Having seen a number of statements to the effect that I would have to replace CGI::Session.initialize with a chunk of code to extract the session from key-value pairs injected into my form url, I incorporated the code segment into my environment.rb: require 'cgi' class C...

Remove div from authenticity_token in Rails?

How can I remove the div from authenticity_token in Ruby on Rails? Thanks. ...

Stress/load testing Ruby on Rails apps with Authenticity Tokens

My Ruby on Rails application is mostly contained behind a login page. I'd still like to be able to stress test these pages, as they have some heavy database access. Sending the username and password into a post for my login isn't difficult, but the Authenticity Token keeps changing, which makes my tests unrepeatable. Is there a way to...

How can you use Rails AuthenticityToken infrastructure to explicitly protect a GET action

Rails AuthenticityToken automatically protects POST/PUT/DELETE requests from CSRF attacks. But I have another use case in mind. I am showing a video on my site that I don't want to be embeddable on other sites. How this works is that my flash player sends a request for a signed URL from my CDN that expires in a few seconds. Up until ...

Rails - Catch 'Invalid Authenticity Token' exception

I'm currently using RESTful Authentication plug-in on my Rails application. There is a typical scenario when a user stays at login screen for enough time (let's say 1 day..) that makes the authentication token invalid due to time expiry. When this user tries the next day to login (he didn't refresh, he is still with this invalid token...

Ruby on Rails form page caching including authenticity_token

I have a simple Ruby on Rails form which includes an authenticity_token. Unfortunately, I missed that when you page cache this page then the Authenticity Token becomes invalid. I'm glad I figured it out however. How do you solve caching in such a case? ...

Rails request forgery protection settings

Hey, please help a newbie in Rails :) I have protect_from_forgery call (which is given by default) with no attributes in my ApplicationController class. Basically here's the code: class ApplicationController < ActionController::Base helper :all # include all helpers, all the time protect_from_forgery helper_method :current_user...

How do I add the authenticity token?

I recently switched to Google Closure for a new project. I am having trouble adding the authenticity token to the headers in an Ajax call. How do I go about it? My Ajax snippet (using goog.net.XhrIo class): var initialHTMLContent = superField[i].getCleanContents(); var data = goog.Uri.QueryData.createFromMap(new goog.structs.Map({ bo...