Autocomplete plugin with Rails 2.0

I installed the auto_complete plugin found at http://svn.rubyonrails.org/rails/plugins/auto_complete. When I type a character in the autocomplete field I get the following error:

Processing EventsController#auto_complete_for_event_location (for 127.0.0.1 at 2007-10-22 22:54:24) [POST]
Session ID: BAh7BzoMY3NyZl9pZCIlMmE3MzI5MDU4NWVjNTRjMTk1ODBjMWRiYTgzNzIz%0AYWQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%0Ac2h7AAY6CkB1c2VkewA%3D–4397ccb385b2d851c2d39ad5e79fc587433843fc

Parameters: {“event”=>{“location”=>“m”}, “action”=>“auto_complete_for_event_location”, “controller”=>“admin/events”}

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/request_forgery_protection.rb:73:in `verify_authenticity_token'
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in `send'

/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in `call'
/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:442:in `run'

/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:713:in `run_before_filters'
/usr/local/lib/ruby/

I changed the routes to include the auto_complete_for_event_location as a collection.

map.namespace(:admin) do |admin|
admin.resources :events,
:collection => { :load => :get },
:collection => { :auto_complete_for_event_location => :get}
end

The controller is protected by http authentication. Any ideas on why this is failing? TIA.

It's the crsf protection. You either need to get the autocomplete to include the token, or make it use a get request instead of a post.

Fred

Oh and of course you can turn of forgery protection for a controller/action with protect_from_forgery, eg
protect_from_forgery :only => [:foo, :bar] (see http://ryandaigle.com/articles/2007/9/24/what-s-new-in-edge-rails-better-cross-site-request-forging-prevention)

Fred

How can you manually set the token generated by Rails?

This is because I want to use this security feature, but I want to
craft my own forms, or I need to make some POST requests and I need to
set the token manually in the client :S

Thanks in advance.

How can you manually set the token generated by Rails?

I don't think you can, but you can get its value
The helpful snippet is this bit of code from the rails view helpers:

def token_tag
   unless protect_against_forgery?
    ''
   else
     tag(:input, :type => "hidden", :name =>
request_forgery_protection_token.to_s, :value =>
form_authenticity_token)
   end
end

Fred

Thanks for taking the time to help us :wink:

Bala Paranj wrote:

I installed the auto_complete plugin found at
http://svn.rubyonrails.org/rails/plugins/auto_complete. When I type a
character in the autocomplete field I get the following error:

Processing EventsController#auto_complete_for_event_location (for
127.0.0.1at 2007-10-22 22:54:24) [POST]
  Session ID:
BAh7BzoMY3NyZl9pZCIlMmE3MzI5MDU4NWVjNTRjMTk1ODBjMWRiYTgzNzIz%0AYWQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhh%0Ac2h7AAY6CkB1c2VkewA%3D--4397ccb385b2d851c2d39ad5e79fc587433843fc
  Parameters: {"event"=>{"location"=>"m"},
"action"=>"auto_complete_for_event_location",
"controller"=>"admin/events"}

ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/request_forgery_protection.rb:73:in
`verify_authenticity_token'
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in
`send'
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:469:in
`call'
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:442:in
`run'
    /usr/local/lib/ruby/gems/1.8/gems/actionpack-1.13.3.7707/lib/action_controller/filters.rb:713:in
`run_before_filters'
    /usr/local/lib/ruby/

I changed the routes to include the auto_complete_for_event_location as
a
collection.

map.namespace(:admin) do |admin|
    admin.resources :events,
      :collection => { :load => :get },
      :collection => { :auto_complete_for_event_location => :get}
  end

The controller is protected by http authentication. Any ideas on why
this is
failing? TIA.

Hi!

Can you showme your "routes.rb"?

I have so many problems to configure my routes with namespaces. I have
the following error:
Parameters: {"action"=>"usuarios", "persona"=>{"nombre"=>"Gre"},
"id"=>"auto_complete_for_persona_nombre", "controller"=>"admin"}

When my controller is "admin/usuarios"

My routes are:

ActionController::Routing::Routes.draw do |map|
  map.resources :telefonos
  map.resources :direcciones
  map.resources :usuarios
  map.resources :perfiles
  map.resources :personas

  map.namespace(:admin) do |admin|
    admin.resources :usuarios,
      :collection => { :load => :get },
      :collection => { :auto_complete_for_persona_nombre => :get}

    admin.resources :personas,
    admin.resources :perfiles
  end

  map.root :controller => "sesion"

  map.connect ':controller/:action/:id'
  map.connect ':controller/:action/:id.:format'
end

Tanks Elad Roz

Attachment: auto_complete_macros_helper.rb (7,6 KB)

your attachment it s work perfectly