It seems that Rails 3.0 has some vulnerabilities when it comes to cross-site request forgery protection. To that end, any Ajax request made without a CSRF token results in the user being removed from the session. To address this in Rails with jQuery, follow these steps:
1. Add the CSRF meta tag in your layouts - <%= csrf_meta_tag %>
2. Download and add the rails.js from https://github.com/rails/jquery-ujs.
3. Replace <%= javascript_include_tag :defaults %> with <%= javascript_include_tag 'jquery-1.5.1', 'application', 'rails' %>
4. Add the jrails gem to your Gemfile or environment.rb file.
This should get Ajax requests working with forgery protection.
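
What steps 1 and 2 achieve together on the browser side, as an added example (not code from this post or from jquery-ujs): the token rendered by csrf_meta_tag is read from the page and sent as the X-CSRF-Token header, but only on non-GET requests to the page's own origin. The function names are hypothetical.

```javascript
// Added example; function names are hypothetical, not part of jquery-ujs.
'use strict';

// Read the token that <%= csrf_meta_tag %> renders as <meta name="csrf-token">.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute('content') : null;
}

// True only when the request URL resolves to the page's own origin.
function isSameOrigin(url, pageUrl) {
  try {
    return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparsable URL: treat it as foreign
  }
}

// Set X-CSRF-Token on non-GET, same-origin requests.
// Returns true when the header was attached.
function attachCsrfToken(xhr, settings, doc, pageUrl) {
  const method = String(settings.type || 'GET').toUpperCase();
  if (method === 'GET') return false; // Rails does not verify GET requests
  if (!isSameOrigin(settings.url || '', pageUrl)) return false; // never send the token to another origin
  const token = readCsrfToken(doc);
  if (!token) return false; // the layout is missing csrf_meta_tag
  xhr.setRequestHeader('X-CSRF-Token', token);
  return true;
}

// Browser wiring; skipped when jQuery is not loaded (for example under Node).
if (typeof jQuery !== 'undefined' && typeof document !== 'undefined') {
  jQuery(document).ajaxSend(function (event, xhr, settings) {
    attachCsrfToken(xhr, settings, document, window.location.href);
  });
}
```

If attachCsrfToken returns false for a same-origin POST, the layout is not rendering the meta tag and the request will fail the forgery check.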
Friday, April 1, 2011