Security warning: an embedded <script> tag on another site requested protected JavaScript.


Walther Diechmann

Apr 29, 2014, 10:19:20 AM
to comfortable-...@googlegroups.com
Hi,

I'm using the 'sofa' to extend a Rails project with CMS capabilities - and it is wonderful!

But on rare occasions I need to add just a tiny drip of JS - so I add it to a Layout, in the javascript text area, and I also add a little CSS now and then - in the css text area.

It is all being 'getted' with

{{ cms:asset:layout-1:css:html_tag }}
{{ cms:asset:layout-1:js:html_tag }}

The CSS part works like a charm

Started GET "/cms-css/1/layout-1.css" for 127.0.0.1 at 2014-04-29 15:57:02 +0200

Processing by Comfy::Cms::AssetsController#render_css as CSS

  Parameters: {"site_id"=>"1", "identifier"=>"layout-1"}

  Comfy::Cms::Site Load (0.3ms)  SELECT  `comfy_cms_sites`.* FROM `comfy_cms_sites`  WHERE `comfy_cms_sites`.`id` = 1 LIMIT 1

  Comfy::Cms::Layout Load (0.2ms)  SELECT  `comfy_cms_layouts`.* FROM `comfy_cms_layouts`  WHERE `comfy_cms_layouts`.`site_id` = 1 AND `comfy_cms_layouts`.`identifier` = 'layout-1'  ORDER BY comfy_cms_layouts.position LIMIT 1

  Rendered text template (0.0ms)

Completed 200 OK in 4ms (Views: 0.3ms | ActiveRecord: 0.5ms)


but the JS part is a whole other ball-game <:)

Started GET "/cms-js/1/layout-1.js" for 127.0.0.1 at 2014-04-29 15:57:02 +0200

Processing by Comfy::Cms::AssetsController#render_js as JS

  Parameters: {"site_id"=>"1", "identifier"=>"layout-1"}

  Comfy::Cms::Site Load (0.4ms)  SELECT  `comfy_cms_sites`.* FROM `comfy_cms_sites`  WHERE `comfy_cms_sites`.`id` = 1 LIMIT 1

  Comfy::Cms::Layout Load (0.4ms)  SELECT  `comfy_cms_layouts`.* FROM `comfy_cms_layouts`  WHERE `comfy_cms_layouts`.`site_id` = 1 AND `comfy_cms_layouts`.`identifier` = 'layout-1'  ORDER BY comfy_cms_layouts.position LIMIT 1

  Rendered text template (0.0ms)

Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.

Completed 500 Internal Server Error in 5ms


ActionController::InvalidCrossOriginRequest - Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.:

  actionpack (4.1.0) lib/action_controller/metal/request_forgery_protection.rb:217:in `verify_same_origin_request'

BTW: I would be very sorry to have to lift the protect_from_forgery

In any case - thank you so much for sharing! Comfortable Mexican Sofa is a brilliant name for a brilliant piece of code!

cheers

walther

Lars Beier

May 12, 2014, 4:39:18 AM
to comfortable-...@googlegroups.com
I have the same problem. I hope this gets resolved. I also posted this issue on StackOverflow.
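
The check behind the 500 in the log above exists so that JavaScript generated per request cannot be pulled in by a `<script>` tag on another site. The following is an added example, not part of the original posts and not Rails' or the gem's own code: a simplified model of that rule for GET requests, showing why the CSS request passes, why the JS request fails, and what an exemption limited to `render_js` leaves protected. The `account_js` action and all request values are constructed for illustration.

```ruby
# Simplified model of the decision behind the 500 in the log above. It is an
# illustration of the rule, not Rails' own code, and covers GET requests only.
Get = Struct.new(:action, :response_type, :xhr)

class CrossOriginScript < StandardError; end

# exempt: actions for which forgery protection has been switched off.
def verify_same_origin!(get, exempt: [])
  return :skipped if exempt.include?(get.action)
  javascript = get.response_type.start_with?("text/javascript")
  # A JavaScript response to a non-XHR GET is what a <script> tag would receive.
  raise CrossOriginScript, get.action.to_s if javascript && !get.xhr
  :allowed
end

# Maps the exception to what the log shows: a 500 response.
def outcome(get, exempt: [])
  verify_same_origin!(get, exempt: exempt)
rescue CrossOriginScript
  :blocked_500
end

# Constructed requests mirroring the two log excerpts. A <link> or <script>
# tag fetch is not an XHR, so xhr is false for both.
CSS_TAG = Get.new(:render_css, "text/css", false)
JS_TAG  = Get.new(:render_js, "text/javascript", false)
JS_XHR  = Get.new(:render_js, "text/javascript", true)
# Hypothetical action returning per-user data as JavaScript; it must stay protected.
PRIVATE_JS = Get.new(:account_js, "text/javascript", false)

def report
  scoped = [:render_js] # exemption limited to the one static asset action
  {
    css:            outcome(CSS_TAG),
    js_tag:         outcome(JS_TAG),
    js_xhr:         outcome(JS_XHR),
    js_tag_scoped:  outcome(JS_TAG, exempt: scoped),
    private_scoped: outcome(PRIVATE_JS, exempt: scoped)
  }
end

puts report if __FILE__ == $0
```

A scoped exemption of this kind is only appropriate when the layout JavaScript is the same for every visitor and carries no session or user data.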