StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POMy jquery AJAX POST requests works without sending an Authenticity Token (Rails)
primarykey
Id
3059483
data
AcceptedAnswerId
3059507
AnswerCount
3
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2010-06-17T06:52:48.173
FavoriteCount
2
LastActivityDate
2010-11-09T16:27:57.843
LastEditDate
2010-06-17T07:07:39.883
LastEditorUserId
188357
OwnerUserId
188357
ParentId
0
PostTypeId
1
Score
5
ViewCount
4724
LastEditorDisplayName
text
Body
Is there any provisions in rails that would allow all AJAX POST requests from the site to pass without an authenticity_token? I have a Jquery POST ajax call that calls a controller method, but I did not put any authenticity code in it and yet the call succeeds. My ApplicationController does have 'request_forgery_protection' and I've changed <pre><code>config.action_controller.consider_all_requests_local </code></pre> to false in my environments/development.rb I've also searched my code to ensure that I was not overloading ajaxSend to send out authenticity tokens. Is there some mechanism in play that disables the check? Now I'm not sure if my CSRF protection is working or not. I'm using Rails 2.3.5. Update for clarity: <pre><code>function voteup(url, groupid){ $.ajax({ type: "POST", url: "/groups/" + groupid + "/submissions/voteup", data: "url=" + url, dataType: 'text', success: function(data){ var counter = "vote_" + url; $('#vote_' + url.cleanify()).text(" " + data + " "); } }); }; </code></pre> I have a link which then has a 'href that calls the above function: <pre><code><a href='javascript:voteup(param1,param2)'>...</a> </code></pre>
Tags
<jquery><ruby-on-rails><ruby><ajax><csrf>
Title
My jquery AJAX POST requests works without sending an Authenticity Token (Rails)
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USDavid C
UserOwnerUserId
1. USDavid C
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POMy jquery AJAX POST requests works without sending an Authenticity Token (Rails)
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POMy jquery AJAX POST requests works without sending an Authenticity Token (Rails)
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POMy jquery AJAX POST requests works without sending an Authenticity Token (Rails)
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.