ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
On most of my pages it works fine, but with some of them I just get a
blank screen.
I read somewhere that this was down to the secret key defined in
environment.rb and that it was possible to just comment this part out.
But such a simple fix alas doesn't seem to work for me.
I don't honestly need this level of authenticity so could happily live
without it. Is there a quick fix?
Thanks to anyone who can help.
--
Posted via http://www.ruby-forum.com/.
http://www.frozenplague.net
Feel free to add me to MSN and/or GTalk as this email.
What I do is that I allow the creation of a comment from a mobile device
using XML sending:
<?xml version="1.0" encoding="UTF-8"?>
<comment>
<body>Comment from curl</body>
</comment>
To http://user1:pa...@127.0.0.1.:3000/programs/1/comments
So I used protect_from_forgery :only => [:update, :destroy] to be able
to access the :create
But now it is open. As you can see in the request I put the username and
password so the comment can be created.
How should I do this in a secure way? Both regarding the
protect_from_forgery and the username and password transfer?
Thanks!