Autocomplete plugin with Rails 2.0

rubyonrails-talk
1

I installed the auto_complete plugin found at http://svn.rubyonrails.org/rails/plugins/auto_complete. When I type a character in the autocomplete field I get the following error:

Processing EventsController#auto_complete_for_event_location (for 127.0.0.1 at 2007-10-22 22:54:24) [POST] Session ID: BAh7BzoMY3NyZl9pZCIlMmE3MzI5MDU4NWVjNTRjMTk1ODBjMWRiYTgzNzIz%0AYWQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%0Ac2h7AAY6CkB1c2VkewA%3D–4397ccb385b2d851c2d39ad5e79fc587433843fc

Parameters: {“event”=>{“location”=>“m”}, “action”=>“auto_complete_for_event_location”, “controller”=>“admin/events”}

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/request_forgery_protection.rb:73:in `verify_authenticity_token'
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in `send'

/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in `call'
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:442:in `run'

/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:713:in `run_before_filters'
/usr/local/lib/ruby/

I changed the routes to include the auto_complete_for_event_location as a collection.

map.namespace(:admin) do |admin| admin.resources :events, :collection => { :load => :get }, :collection => { :auto_complete_for_event_location => :get} end

The controller is protected by http authentication. Any ideas on why this is failing? TIA.

2

It's the crsf protection. You either need to get the autocomplete to include the token, or make it use a get request instead of a post.

Fred

3

Oh and of course you can turn of forgery protection for a controller/action with protect_from_forgery, eg protect_from_forgery :only => [:foo, :bar] (see http://ryandaigle.com/articles/2007/9/24/what-s-new-in-edge-rails-better-cross-site-request-forging-prevention)

Fred

4

How can you manually set the token generated by Rails?

This is because I want to use this security feature, but I want to craft my own forms, or I need to make some POST requests and I need to set the token manually in the client :S

Thanks in advance.

5

How can you manually set the token generated by Rails?

I don't think you can, but you can get its value The helpful snippet is this bit of code from the rails view helpers:

def token_tag    unless protect_against_forgery?     ''    else      tag(:input, :type => "hidden", :name =>
request_forgery_protection_token.to_s, :value =>
form_authenticity_token)    end end

Fred

6

Thanks for taking the time to help us :wink:

7

Bala Paranj wrote:

I installed the auto_complete plugin found at http://svn.rubyonrails.org/rails/plugins/auto_complete. When I type a character in the autocomplete field I get the following error:

Processing EventsController#auto_complete_for_event_location (for 127.0.0.1at 2007-10-22 22:54:24) [POST]   Session ID: BAh7BzoMY3NyZl9pZCIlMmE3MzI5MDU4NWVjNTRjMTk1ODBjMWRiYTgzNzIz%0AYWQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%0Ac2h7AAY6CkB1c2VkewA%3D--4397ccb385b2d851c2d39ad5e79fc587433843fc   Parameters: {"event"=>{"location"=>"m"}, "action"=>"auto_complete_for_event_location", "controller"=>"admin/events"}

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):     /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/request_forgery_protection.rb:73:in `verify_authenticity_token'     /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in `send'     /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in `call'     /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:442:in `run'     /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:713:in `run_before_filters'     /usr/local/lib/ruby/

I changed the routes to include the auto_complete_for_event_location as a collection.

map.namespace(:admin) do |admin|     admin.resources :events,       :collection => { :load => :get },       :collection => { :auto_complete_for_event_location => :get}   end

The controller is protected by http authentication. Any ideas on why this is failing? TIA.

Hi!

Can you showme your "routes.rb"?

I have so many problems to configure my routes with namespaces. I have the following error: Parameters: {"action"=>"usuarios", "persona"=>{"nombre"=>"Gre"}, "id"=>"auto_complete_for_persona_nombre", "controller"=>"admin"}

When my controller is "admin/usuarios"

My routes are:

ActionController::Routing::Routes.draw do |map|   map.resources :telefonos   map.resources :direcciones   map.resources :usuarios   map.resources :perfiles   map.resources :personas

  map.namespace(:admin) do |admin|     admin.resources :usuarios,       :collection => { :load => :get },       :collection => { :auto_complete_for_persona_nombre => :get}

    admin.resources :personas,     admin.resources :perfiles   end

  map.root :controller => "sesion"

  map.connect ':controller/:action/:id'   map.connect ':controller/:action/:id.:format' end

8

Tanks Elad Roz

Attachment: auto_complete_macros_helper.rb (7,6 KB)

your attachment it s work perfectly