Autocomplete plugin with Rails 2.0

Bala Paranj

Oct 23, 2007, 2:00:45 AM
to rubyonra...@googlegroups.com
I installed the auto_complete plugin found at http://svn.rubyonrails.org/rails/plugins/auto_complete. When I type a character in the autocomplete field I get the following error:

Processing EventsController#auto_complete_for_event_location (for 127.0.0.1 at 2007-10-22 22:54:24) [POST]
  Session ID: BAh7BzoMY3NyZl9pZCIlMmE3MzI5MDU4NWVjNTRjMTk1ODBjMWRiYTgzNzIz%0AYWQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%0Ac2h7AAY6CkB1c2VkewA%3D--4397ccb385b2d851c2d39ad5e79fc587433843fc
  Parameters: {"event"=>{"location"=>"m"}, "action"=>"auto_complete_for_event_location", "controller"=>"admin/events"}


ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/request_forgery_protection.rb:73:in `verify_authenticity_token'
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in `send'
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in `call'
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:442:in `run'
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:713:in `run_before_filters'
    /usr/local/lib/ruby/

I changed the routes to include the auto_complete_for_event_location as a collection.

map.namespace(:admin) do |admin|
    admin.resources :events,
      :collection => { :load => :get },
      :collection => { :auto_complete_for_event_location => :get}
  end

The controller is protected by http authentication. Any ideas on why this is failing? TIA.


Frederick Cheung

Oct 23, 2007, 6:15:44 AM
to rubyonra...@googlegroups.com

> The controller is protected by http authentication. Any ideas on
> why this is failing? TIA.
>

It's the CSRF protection. You either need to get the autocomplete to
include the token, or make it use a get request instead of a post.

Fred

Frederick Cheung

Oct 23, 2007, 6:17:58 AM
to rubyonra...@googlegroups.com
Oh and of course you can turn off forgery protection for a controller/
action with protect_from_forgery, e.g.
protect_from_forgery :only => [:foo, :bar] (see
http://ryandaigle.com/articles/2007/9/24/what-s-new-in-edge-rails-better-cross-site-request-forging-prevention)

Fred

Jamal Soueidan

Nov 9, 2007, 11:56:27 AM
to rubyonra...@googlegroups.com
I have the same error, how do I disable this feature?

Eric Pugh

Nov 21, 2007, 11:54:05 PM
to Ruby on Rails: Talk
I tried out adding the exclude line:

protect_from_forgery :only => [:tag]

However, it seems ugly that I have to add each method manually. I
tried

protect_from_forgery :exclude => [:auto_complete_for_tag_name]

but that didn't work. Is this oddness a) a bug or b) just something
the docs for the plugin should discuss?

Adrián De la Cruz

Dec 13, 2007, 8:31:22 AM
to rubyonra...@googlegroups.com
How can you manually set the token generated by Rails?


This is because I want to use this security feature, but I want to
craft my own forms, or I need to make some POST requests and I need to
set the token manually in the client :S

Thanks in advance.

Frederick Cheung

Dec 13, 2007, 8:50:20 AM
to rubyonra...@googlegroups.com

On 13 Dec 2007, at 13:31, Adrián De la Cruz wrote:

>
> How can you manually set the token generated by Rails?
>

I don't think you can, but you can get its value.
The helpful snippet is this bit of code from the rails view helpers:

def token_tag
  unless protect_against_forgery?
    ''
  else
    tag(:input, :type => "hidden",
        :name => request_forgery_protection_token.to_s,
        :value => form_authenticity_token)
  end
end

Fred

Adrián De la Cruz

Dec 13, 2007, 8:55:46 AM
to rubyonra...@googlegroups.com
Thanks for taking the time to help us ;)

Elad Roz

Jan 10, 2008, 8:18:02 AM
to rubyonra...@googlegroups.com
Hi,
I've encountered the same problem and wasted hours on it (I'm new to
rails...)

I tinkered a bit with the auto_complete plug-in source, adding the
authenticity token to the parameters sent by auto_complete_field in the
same way that prototype_helper does it.
Here's a partial source of the updated method in the file:
\vendor\plugins\auto_complete\lib\auto_complete_macros_helper.rb.
The updated file is attached.

def auto_complete_field(field_id, options = {})

  # ... skip to about line 75:
    js_options[v] = options[k] if options[k]
  end

  # MY CHANGE - add the authenticity token with exactly the same code
  # from the prototype_helper:
  if protect_against_forgery?
    if js_options['parameters']
      js_options['parameters'] << " + '&"
    else
      js_options['parameters'] = "'"
    end
    js_options['parameters'] << "#{request_forgery_protection_token}=' + encodeURIComponent('#{escape_javascript form_authenticity_token}')"
  end
  # END MY CHANGE

  function << (', ' + options_for_javascript(js_options) + ')')

  javascript_tag(function)
end

Attachments:
http://www.ruby-forum.com/attachment/1275/auto_complete_macros_helper.rb

Ricardo Gutiérrez

Sep 6, 2008, 2:52:38 AM
to rubyonra...@googlegroups.com
Bala Paranj wrote:
> I installed the auto_complete plugin found at
> http://svn.rubyonrails.org/rails/plugins/auto_complete. When I type a
> character in the autocomplete field I get the following error:
>
> Processing EventsController#auto_complete_for_event_location (for
> 127.0.0.1 at 2007-10-22 22:54:24) [POST]

Hi!

Can you show me your "routes.rb"?

I am having so many problems configuring my routes with namespaces. I get
the following error:
Parameters: {"action"=>"usuarios", "persona"=>{"nombre"=>"Gre"},
"id"=>"auto_complete_for_persona_nombre", "controller"=>"admin"}

When my controller is "admin/usuarios"

My routes are:

ActionController::Routing::Routes.draw do |map|
map.resources :telefonos
map.resources :direcciones
map.resources :usuarios
map.resources :perfiles
map.resources :personas

map.namespace(:admin) do |admin|
admin.resources :usuarios,


:collection => { :load => :get },

:collection => { :auto_complete_for_persona_nombre => :get}

admin.resources :personas,
admin.resources :perfiles
end

map.root :controller => "sesion"

map.connect ':controller/:action/:id'
map.connect ':controller/:action/:id.:format'
end

Gerrit Lewedag

Feb 6, 2009, 9:00:03 AM
to rubyonra...@googlegroups.com

use :except instead of :exclude

=> protect_from_forgery :except => [:auto_complete_for_tag_name]

Gerrit Lewedag

Feb 6, 2009, 9:02:10 AM
to rubyonra...@googlegroups.com
> use :except instead of :exclude
>
> => protect_from_forgery :except => [:auto_complete_for_tag_name]

http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html#M000493
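
Added example, not part of any post above and not Rails' own code: a simplified Ruby model of a per-session forgery check, contrasting the two fixes discussed in this thread (sending the token with the Ajax POST, as in the plugin change, versus excluding the action with :except). The names ForgeryGuard, autocomplete_body and outcome, and the authenticity_token parameter name, are assumptions made for the illustration.

```ruby
require 'securerandom'
require 'uri'

class InvalidAuthenticityToken < StandardError; end

# Simplified model of a per-session CSRF check (hypothetical class,
# not the code in request_forgery_protection.rb).
class ForgeryGuard
  TOKEN_PARAM = 'authenticity_token' # assumed parameter name

  def initialize(except: [])
    @except = except.map(&:to_s)
  end

  # Issue the token once per session and keep it server-side.
  def token_for(session)
    session[:csrf_token] ||= SecureRandom.hex(20)
  end

  # GET requests and excluded actions are not checked at all; every other
  # request must carry the session's token or it is rejected.
  def verify!(session, method, action, params)
    return :skipped if @except.include?(action.to_s)
    return :safe_method if method == :get
    given = params[TOKEN_PARAM].to_s
    raise InvalidAuthenticityToken, action.to_s unless same?(given, token_for(session))
    :verified
  end

  private

  # Compare without stopping at the first differing byte.
  def same?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# POST body of an autocomplete request once the token has been appended.
def autocomplete_body(field, value, token)
  URI.encode_www_form([[field, value], [ForgeryGuard::TOKEN_PARAM, token]])
end

# Maps a request to :verified, :safe_method, :skipped or :rejected.
def outcome(guard, session, method, action, params)
  guard.verify!(session, method, action, params)
rescue InvalidAuthenticityToken
  :rejected
end
```

Only the :verified path keeps the autocomplete action behind the check; :skipped and :safe_method mean the request was accepted without any token comparison.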

Ferit Öztosun

Feb 7, 2009, 7:21:16 AM
to rubyonra...@googlegroups.com
Thanks Elad Roz

Attachment: auto_complete_macros_helper.rb (7,6 KB)

Your attachment works perfectly.
