2011/8/23 Tower He <towe...@gmail.com>
> Try to update your rails.js
>
>
I guess this is the right way to do it. Thanks! For those having the same
problems, you might want to
check this article.
http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
> 发自我的 iPhone
>
> 在 2011-8-23,9:21,Jim Ruther Nill <jvn...@gmail.com> 写道:
>
> Hi guys,
>
> After I've upgraded to Rails 3.0.10, the application I'm working on started
> having these http basic auth popups.
> At first I thought it was caused by me upgrading to 3.0.10 which could've
> expired all current sessions. But it's not
> that. Everytime I try to delete a record, I get the popup. I experimented
> with it for a while and found out that
> the bug is only present when I'm deleting via javascript (ie, links have
> :remote => true). If I remove the :remote => true
> lines, then everything works fine. I can confirm that it's working fine
> before in Rails 3.0.3. Any ideas?
>
> Here's the code for the link_to
>
> link_to 'Delete', post, :confirm => 'Are you sure you want to delete this
> post?', :method => :delete, :remote => true
>
> The destroy action is a standard destroy controller action (which I think
> has nothing to do with this issue but I'll include
> the code anyway).
>
> def destroy
> @post = Post.where(:id => params[:id]).first
> if @post
> authorize! :delete, @post
> @post.destroy
> end
>
> respond_to do |format|
> format.html {redirect_to posts_path}
> format.js
> end
> end
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To unsubscribe from this group, send email to
> rubyonrails-talk+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To unsubscribe from this group, send email to
> rubyonrails-talk+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.
>
--
-------------------------------------------------------------
visit my blog at http://jimlabs.heroku.com
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
