You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Rack Development
I have a sinatra app that works fine on Heroku, but when requested as a page tab on facebook returns blank, and the logs read "attack prevented by Rack::Protection::RemoteToken". What is this about?
Evgeni Dzhelyov
unread,
Dec 8, 2011, 12:20:03 PM12/8/11
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Rack Development
Facebook requests pages via POST, and since the referrer is different, it's tripping up your app's CSRF protection
oilpastels
unread,
Dec 8, 2011, 6:54:55 PM12/8/11
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Rack Development
The problem is exactly what mateo described. I spoke with Konstantin Haase, the maintainer of the rack-protection gem referenced by Evgeni above, and he instructed me to:
> set :protection, :except => [:remote_token, :frame_options]
And it worked.
vzmind
unread,
Feb 24, 2012, 8:50:06 AM2/24/12
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to rack-...@googlegroups.com
I confirm that solve such issue. Just add
set :protection, :except => [:remote_token, :frame_options]