> The controller is protected by http authentication. Any ideas on
> why this is failing? TIA.
>
It's the CSRF protection. You either need to get the autocomplete to
include the token, or make it use a get request instead of a post.
Fred
This is because I want to use this security feature, but I want to
craft my own forms, or I need to make some POST requests and I need to
set the token manually in the client :S
Thanks in advance.
>
> How can you manually set the token generated by Rails?
>
I don't think you can, but you can get its value
The helpful snippet is this bit of code from the rails view helpers:
def token_tag
  unless protect_against_forgery?
    ''
  else
    tag(:input, :type => "hidden",
        :name => request_forgery_protection_token.to_s,
        :value => form_authenticity_token)
  end
end
Fred
I tinkered a bit with the auto_complete plug-in source, adding the
authenticity token to the parameters sent by auto_complete_field in the
same way that prototype_helper does it.
Here's a partial source of the updated method in the file:
\vendor\plugins\auto_complete\lib\auto_complete_macros_helper.rb.
The updated file is attached.
def auto_complete_field(field_id, options = {})
  # ... skip to about line 75:
    js_options[v] = options[k] if options[k]
  end
  # MY CHANGE - add the authenticity token with exactly the same code
  # from the prototype_helper:
  if protect_against_forgery?
    if js_options['parameters']
      js_options['parameters'] << " + '&"
    else
      js_options['parameters'] = "'"
    end
    js_options['parameters'] <<
      "#{request_forgery_protection_token}=' + encodeURIComponent('#{escape_javascript form_authenticity_token}')"
  end
  # END MY CHANGE
  function << (', ' + options_for_javascript(js_options) + ')')
  javascript_tag(function)
end
Attachments:
http://www.ruby-forum.com/attachment/1275/auto_complete_macros_helper.rb
Hi!
Can you show me your "routes.rb"?
I have so many problems configuring my routes with namespaces. I have
the following error:
Parameters: {"action"=>"usuarios", "persona"=>{"nombre"=>"Gre"},
"id"=>"auto_complete_for_persona_nombre", "controller"=>"admin"}
When my controller is "admin/usuarios"
My routes are:
ActionController::Routing::Routes.draw do |map|
  map.resources :telefonos
  map.resources :direcciones
  map.resources :usuarios
  map.resources :perfiles
  map.resources :personas
  map.namespace(:admin) do |admin|
    admin.resources :usuarios,
      :collection => { :load => :get },
      :collection => { :auto_complete_for_persona_nombre => :get}
    admin.resources :personas,
    admin.resources :perfiles
  end
  map.root :controller => "sesion"
  map.connect ':controller/:action/:id'
  map.connect ':controller/:action/:id.:format'
end
use :except instead of :exclude
=> protect_from_forgery :except => [:auto_complete_for_tag_name]
Attachment: auto_complete_macros_helper.rb (7,6 KB)
Your attachment works perfectly.
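
A simplified Ruby model of the check discussed in this thread, added here as an illustration and not taken from Rails, the auto_complete plugin, or any poster: it shows why the autocomplete POST is rejected without the token, how the `parameters` expression from the modified helper satisfies the check, and what `:except` exempts. The `ForgeryCheck` class, `parse_body`, and the request bodies are assumptions constructed for the example.

```ruby
require 'securerandom'
require 'uri'

# Simplified model of the token check (assumption: not Rails' own code).
class ForgeryCheck
  TOKEN_PARAM = 'authenticity_token' # Rails' default parameter name

  attr_reader :token

  def initialize(except: [])
    @token  = SecureRandom.base64(32) # per-session secret embedded in pages
    @except = except                  # actions exempted via :except
  end

  # Mirrors the change to auto_complete_field: builds the JavaScript
  # expression the browser evaluates for the Ajax `parameters` option.
  def js_parameters(existing = nil)
    js = existing ? "#{existing} + '&" : "'"
    js + "#{TOKEN_PARAM}=' + encodeURIComponent('#{@token}')"
  end

  # GET requests and exempted actions pass; everything else needs the token.
  def verified?(method, action, params)
    return true if method == :get || @except.include?(action)
    secure_compare(params[TOKEN_PARAM].to_s, @token)
  end

  private

  # Constant-time comparison, so timing reveals nothing about the token.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Decode a form-encoded POST body into a params hash.
def parse_body(body)
  URI.decode_www_form(body).to_h
end

# Constructed request bodies: what the autocompleter posts without and
# with the token appended.
check   = ForgeryCheck.new
action  = 'auto_complete_for_persona_nombre'
without = 'persona%5Bnombre%5D=Gre'
with    = "#{without}&#{ForgeryCheck::TOKEN_PARAM}=#{URI.encode_www_form_component(check.token)}"
puts check.verified?(:post, action, parse_body(without))
puts check.verified?(:post, action, parse_body(with))
```

An action listed under `:except` accepts POSTs with no token at all, so that route fits only read-only lookups such as an autocomplete query.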