[Facebooker-talk] problem doing a CRUD update?

Allen Walker auswalk at gmail.com
Thu Sep 18 03:58:34 EDT 2008 

Yeah that didn't work:

<%=link_to("Delete", url_for(:controller => "articles", :action =>
"destroy", :id  => a\rticle, :_method => :delete, :canvas=>true),
:confirm => 'Are you sure?'  )%>

Still get:

ActionController::InvalidAuthenticityToken in ArticlesController#destroy

ActionController::InvalidAuthenticityToken

In a form there is a hidden field for the token - autogenerated. In
the link_to there isn't.

And yes I own both the pdf and the book that hasn't been released ;)

On Thu, Sep 18, 2008 at 2:49 AM, Tres Wong-Godfrey
<tres.wong-godfrey at saniq.com> wrote:
>
> Usually you see the InvalidAuthenticityToken when stuff is being posted directly back to your server when you didn't really want to be. You'd need a :canvas => true in your url generation function in order to avoid that kind of problem.
>
>
> I'd really recommend checking out Mike's book http://pragprog.com/titles/mmfacer/developing-facebook-platform-applications-with-rails
>
> It's not on paper yet, but you can get the PDF version right now.
>
> It's well worth the cost -- it will get you up and running faster and with less frustration than the oft conflicting tutorials that are out there.
>
>
>
>
> On Sep 18, 2008, at 12:09 AM, Allen Walker wrote:
>
>> I'm now trying to do a "destroy". I do this:
>>
>> <%=link_to("Delete", url_for(:controller => "articles", :action => "destroy", :id  => article, :_method => :delete), :confirm => 'Are you sure?'  )%>
>> When i execute it, i get:
>>
>>
>> ActionController::InvalidAuthenticityToken in ArticlesController#destroy
>>
>> ActionController::InvalidAuthenticityToken
>>
>>
>> If I comment out "protect_from_forgery  :secret => 'xx'" in application.rb I get when i just try to view the page:
>>
>> ActionView::TemplateError (No :secret given to the #protect_from_forgery call.  Set that or use a session store capable of generating its own keys (Cookie Session Store).)
>>
>>
>>
>>
>> Tres Wong-Godfrey wrote:
>>>
>>> Try something like this:
>>> form_for :article, :url => { :action => "update", :id => @article }, :html => { :method => :put } do |f|
>>>
>>> That should give you the 'PUT' method.
>>>
>>>
>>> On Sep 17, 2008, at 11:09 PM, Allen Walker wrote:
>>>
>>>> This appears to be some kind of routing issue since facebook wraps everything in a post... so here's what I'm doing:
>>>>
>>>> <% form_for :article, :url => { :action => "update", :id => @article } do |f| %>                                                    <%= render :partial => "form", :locals => { :f => f } %>
>>>> <% end -%>
>>>> renders:
>>>>
>>>> <form action="/myapp/articles/7" method="post">
>>>>
>>>> ....
>>>> </form>
>>>> The form comes up populated with the model data, but I submit though I get:
>>>>
>>>>
>>>> Unknown action
>>>>
>>>> No action responded to 7
>>>>
>>>>
>>>>
>>>> In the rake routes the "update" requires a HTTP "put" so I'm wondering if that is causing the problem.
>>>>
>>>> thanks
>>>> _______________________________________________
>>>> Facebooker-talk mailing list
>>>> Facebooker-talk at rubyforge.org
>>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>>
>>>
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>



--
http://auswalk.blogspot.com

More information about the Facebooker-talk mailing list