[Facebooker-talk] forgery Protection

Dara dara at catch.fm
Thu Aug 21 10:35:16 EDT 2008


FYI, the below log snippet I posted earlier is the wrong trace segment.
Apologies.
This is the correct log segment:


Processing LeaveController#index (for 208.75.184.192 at 2008-08-21 
15:24:37) [POST]
 Session ID: xxxxxxxxxxxxxxx
 Parameters: {"fb_sig_time"=>"11111111111", "fb_sig"=>"AAAAAAAAA", 
"action"=>"index", "fb_sig_call_id"=>"1111111111111", 
"controller"=>"leave", "fb_sig_network"=>"Bebo", "fb_sig_added"=>"0", 
"fb_sig_api_key"=>"BBBBBBBB", "fb_sig_uninstall"=>"1", 
"fb_sig_user"=>"CCCCCCCC"}


ActionController::InvalidAuthenticityToken 
(ActionController::InvalidAuthenticityToken):
   
/home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/request_forgery_protection.rb:86:in 
`verify_authenticity_token'
   
/home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/callbacks.rb:173:in 
`send'
   
/home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/callbacks.rb:173:in 
`evaluate_method'
   
/home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/callbacks.rb:161:in 
`call'
   
/home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:430:in 
`call'
   
/home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:592:in 
`run_before_filters'
   
/home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:578:in 
`call_filters'
   
/home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:573:in 
`perform_action_without_benchmark'
   
/home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/benchmarking.rb:68:in 
`perform_action_without_rescue'
   /home/dara/apps/ruby-1.8.6/lib/ruby/1.8/benchmark.rb:293:in `measure'
   ...


Dara wrote:
> Has anybody solved this issue [ 
> http://rubyforge.org/pipermail/facebooker-talk/2008-April/000552.html ]?
>
> NameError (undefined local variable or method `controller' for 
> #<LeaveController:0xb7144abc>):
>    /app/controllers/application.rb:24:in `verify_authenticity_token'
>    
> /home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/callbacks.rb:173:in 
> `send'
>    
> /home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/callbacks.rb:173:in 
> `evaluate_method'
>    
> /home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/callbacks.rb:161:in 
> `call'
>    
> /home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:430:in 
> `call'
>    
> /home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:592:in 
> `run_before_filters'
>    
> /home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:578:in 
> `call_filters'
>    
> /home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/filters.rb:573:in 
> `perform_action_without_benchmark'
>    
> /home/dara/apps/ruby-1.8.6/lib/ruby/gems/1.8/gems/actionpack-2.1.0/lib/action_controller/benchmarking.rb:68:in 
> `perform_action_without_rescue'
>    /home/dara/apps/ruby-1.8.6/lib/ruby/1.8/benchmark.rb:293:in `measure'
>
> I don't have the secret commented in the environment either.
>
> Should I be trying to disable forgery protection for certain calls 
> from Facebook/Bebo?
>
> Cheers
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
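
Added example, not part of the original post and not Facebooker's own code: the logged POST carries `fb_sig*` parameters but no `authenticity_token`, which is why `verify_authenticity_token` raises. One way to relax the token check only for genuine platform callbacks is to verify `fb_sig` first. This assumes the legacy Facebook Platform signing scheme (MD5 over the sorted `fb_sig_*` parameters plus the application secret) also applies to Bebo; `classify_post`, the 300-second window and all sample values are hypothetical.

```ruby
require 'digest/md5'

SECRET = 'constructed-app-secret' # constructed sample, not a real secret

# Assumed legacy scheme: take fb_sig_* params, strip the prefix, sort by
# key, join as key=value, append the app secret, MD5 the result.
def fb_signature(params, secret)
  signed = params.select { |k, _| k.start_with?('fb_sig_') }
  base = signed.sort.map { |k, v| "#{k.sub('fb_sig_', '')}=#{v}" }.join
  Digest::MD5.hexdigest(base + secret)
end

# Constant-time comparison so the check does not leak matching prefixes.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Decide how a POST should be treated (hypothetical helper):
#   :needs_csrf_token  - no fb_sig, ordinary form post, keep the Rails check
#   :platform_verified - signature and timestamp are good, token not needed
#   :reject            - fb_sig present but forged, tampered or stale
def classify_post(params, secret, max_age: 300, now: Time.now.to_f)
  sig = params['fb_sig']
  return :needs_csrf_token if sig.nil?
  return :reject unless secure_equal?(fb_signature(params, secret), sig.to_s)
  # Assumes fb_sig_time is epoch seconds; limits replay of old callbacks.
  return :reject if (now - params['fb_sig_time'].to_f).abs > max_age
  :platform_verified
end

# Constructed uninstall callback shaped like the one in the log above.
UNSIGNED = {
  'fb_sig_time' => '1219332277.0', 'fb_sig_user' => '1001',
  'fb_sig_uninstall' => '1', 'fb_sig_added' => '0',
  'fb_sig_network' => 'Bebo', 'fb_sig_api_key' => 'constructed-key',
  'action' => 'index', 'controller' => 'leave'
}
CALLBACK = UNSIGNED.merge('fb_sig' => fb_signature(UNSIGNED, SECRET))
NOW = 1_219_332_300.0 # constructed clock, 23 seconds after fb_sig_time

puts classify_post(CALLBACK, SECRET, now: NOW)
puts classify_post(CALLBACK.merge('fb_sig_user' => '2002'), SECRET, now: NOW)
puts classify_post({ 'action' => 'index' }, SECRET, now: NOW)
```

Only the `:platform_verified` case is a candidate for skipping the authenticity token; disabling forgery protection for the whole controller would also accept unsigned POSTs from any origin.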


