p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   BOOK: Beginning Ruby on Rails (http://p2p.wrox.com/forumdisplay.php?f=289)
-   -   Chapter 5 - "get" works, "post" does not (http://p2p.wrox.com/showthread.php?t=67372)

davidtspf April 13th, 2008 06:35 PM

Chapter 5 - "get" works, "post" does not
 
In the first example in Chapter 5, reading from a text box, everything works when my form action line reads like this:

<form action = "\look\at">

It also works like this:

<form action = "\look\at" method = "get">

But it does not work when I use "post", as suggested on p.127:

<form action = "\look\at" method = "post">

I get a very long error in my browser that begins like this:

ActionController::InvalidAuthenticityToken in LookController#

I am running on OS X Leopard, Ruby v.1.8.6, Rails v.2.0.2. It looks like "ruby server/script" runs Mongrel, not WEBrick.

Any idea why "post" won't work?

rgonnering June 5th, 2008 12:56 PM

I have the same problem running on linux, and using WEBrick.


mprogers June 10th, 2008 04:21 PM

The problem is that in Rails 2.0.2, there is some extra authentication taking place. If you use form_tag, it will automatically create this html control for you:

<input name="authenticity_token" type="hidden" value="84fc5f10d45977c87c3ac6b88aabc0e73925cad0" />

But if you just use <form> ... </form>, that will be lacking. Just paste the above in, somewhere in the form, and it should solve the problem. It worked for me, using Rails 2.0.2, Ruby 1.8.6, Safari 3.1.1, and Mac OS X 10.5.3.

Michael


rgonnering June 12th, 2008 05:37 PM

Hi all,

I was playing around with textfields2 (p. 137) and got it to work with the following input.rhtml:


<html>
  <head>
    <title>
     Using Text Fields (2)
    </title>
  </head>
  <body bgcolor="abcdef">
    <! Comment: Title>
    <h1>
     Using Text Fields (2) to read data from text fields.
    </h1>
    <br><br>
    <! Comment: Content>
    <% form_tag '/look/at' do -%>
      <div><%= submit_tag 'Save' %></div>
      Please enter your name,
      <br>
      <%= text_field_tag 'text1', "", :size => 30 %>
      <br><br>
      <input type="submit" />
    <% end -%>
  </body>

So post worked and replacing deprecated shortcuts worked. Hurray!

I then went back to text fields and using the same code for input.html worked. I then copied the source from the webpage and inserted it into input.html. It looks like this:

<html>
  <head>
    <title>
     Using Text Fields with Post
    </title>
  </head>

  <body bgcolor="ccddee">
    <! Comment: Title>
    <h1>
     Working with Text Fields using POST
    </h1>
    <br><br>
    <! Comment: Content>
    This Ruby on Rails application lets you read data from text fields using the POST method.
    <br>
    <form action="/look/at" method="post">
    <input name="authenticity_token" type="hidden" value="2f7c0cc1a11182f149e34c4f438f7eee94f0d6c7" />
      Please enter your name,
      <br>
      <input id="text1" name="text1" size="30" type="text" value="" />
      <br><br>
      <input type="submit" />
    </form>
  </body>
</html>

It does NOT work. ActionController::InvalidAuthenticityToken error

If you see something wrong, please let me know. Since shortcuts work, I don't really need this, but it might provide some insight.

Thanks.


lizzy October 23rd, 2008 09:43 PM

Turn off CSRF (Cross-Site Request Forgery), it's function for security in Rails2.0.

Insert into your controller this line.
skip_before_filter :verify_authenticity_token

for example,
class LookController < ApplicationController
     def at
           @data = params[:text1]
     end
     skip_before_filter :verify_authenticity_token
end

There's another solution.

It's that use the form helper method in Rails instead of <FORM> tag.



All times are GMT -4. The time now is 09:39 AM.

Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.