Rails 3.1 and CKEditor w Carrierwave, cannot upload - ruby-on-rails-3

Uploading files won't work for me. The file does get saved but looking at the parameters there is no authenticity token sent by CKeditor. So I get a "Can't verify CSRF authenticity" warning, which resets the session, then I can't update the post.
The token is set in the form but CKEditor doesn't seem to send it for picture or file uploads. I think this may have been OK when I used CKE with Paperclip, but not certain of that. All other CKE operations work.

Answered at Ruby on Rails: problem getting CKeditor to upload images
You need to skip verification
skip_before_filter :verify_authenticity_token, :only => [:new_from_disk]

Please see the ckeditor code:
class Ckeditor::ApplicationController < ::ApplicationController
Please add something like:
skip_before_filter :verify_authenticity_token
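
An alternative that keeps verify_authenticity_token enabled, as an added example (not code from the answers above or from the ckeditor gem): put the session's CSRF token in the upload URL handed to CKEditor's filebrowserImageUploadUrl setting. The route /ckeditor/pictures, the sample token and both helper names are assumptions; in a Rails view the parameter name and value would come from request_forgery_protection_token and form_authenticity_token.

```ruby
require "uri"

# Append the CSRF parameter to an upload URL, form-encoding the value.
# Rails tokens are Base64, so they can contain "+", "/" and "=";
# an unencoded "+" is decoded as a space on the server and the check fails.
# Note: the token becomes part of the request URL, so it appears wherever
# full URLs are recorded.
def upload_url_with_token(base_url, param_name, token)
  uri = URI.parse(base_url)
  pairs = URI.decode_www_form(uri.query.to_s)
  pairs.reject! { |key, _| key == param_name.to_s } # never send two tokens
  pairs << [param_name.to_s, token]
  uri.query = URI.encode_www_form(pairs)
  uri.to_s
end

# Simplified model of the server side (an assumption, not Rails' own code):
# the request passes only if the submitted parameter equals the session token.
def token_accepted?(session_token, url, param_name)
  query = URI.parse(url).query.to_s
  submitted = URI.decode_www_form(query).to_h[param_name.to_s]
  !submitted.nil? && submitted == session_token
end

# Constructed sample values (not from the original page).
SAMPLE_TOKEN = "q3+Zk/8hT0mYw1c+Jr5v9A=="
UPLOAD_PATH  = "/ckeditor/pictures?CKEditorFuncNum=1" # assumed route

GOOD_URL  = upload_url_with_token(UPLOAD_PATH, :authenticity_token, SAMPLE_TOKEN)
NAIVE_URL = "#{UPLOAD_PATH}&authenticity_token=#{SAMPLE_TOKEN}" # no encoding

if __FILE__ == $PROGRAM_NAME
  puts GOOD_URL
  puts "encoded accepted: #{token_accepted?(SAMPLE_TOKEN, GOOD_URL, :authenticity_token)}"
  puts "naive accepted:   #{token_accepted?(SAMPLE_TOKEN, NAIVE_URL, :authenticity_token)}"
end
```

The naive concatenation is rejected because the "+" characters in the token arrive as spaces, which looks exactly like the "Can't verify CSRF authenticity" symptom in the question.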

Related

How to integrate batch requests in a Rails API?

I'm building an API with Rails 4 and I really want to create a Batch request method to not overload my app when doing a bunch of ajax requests.
The Railscasts shows how to do it in a simple way but there's a lot of stuff missing.
I also tried the batch_api gem but I wasn't successful integrating it with my application.
Any ideas?
I know it's late to answer this question, but I recently used the batch_api gem with my Rails API (Rails 5.0.0 and Ruby 2.0) and it works fine for me.
What you need to do is follow the instructions in this document:
https://github.com/arsduo/batch_api
In short:
1- You need to add the batch_api gem to your application's Gemfile.
2- You need to add the required middleware configuration in your application.rb file:
config.middleware.use BatchApi::RackMiddleware do |batch_config|
  # you can set various configuration options:
  batch_config.verb = :put # default :post
  batch_config.endpoint = "/batchapi" # default /batch
  batch_config.limit = 100 # how many operations max per request, default 50
  # default middleware stack run for each batch request
  batch_config.batch_middleware = Proc.new { }
  # default middleware stack run for each individual operation
  batch_config.operation_middleware = Proc.new { }
end
3- Then restart your rails server.
Make sure to insert the new middleware in the appropriate location; in my case I needed to include it before the "ActionDispatch::RequestId" middleware:
config.middleware.insert_before "ActionDispatch::RequestId", BatchApi::RackMiddleware
because I wanted to include the X-Request-ID header in each request in the batch, and this ID will be returned in each response so that I could know the response for each request in the batch (note that the responses will be executed sequentially, depending on the sequence of each request in the batch).
Apparently the batch_api gem doesn't work with rails 4 yet, but there is a fork that was started to update it to rails 4 and ruby 2.0.
https://github.com/easyPEP/batch_api/tree/feature_ruby_2

Missing Devise errors when securing Login view in Rails3

I had to secure the login view (with the simple email/password form).
I'm using devise. The thing is the sign in error messages get lost somewhere (probably redirections from http to https I guess).
I tried to do the following on my application controller:
after_filter :set_devise_flash_messages, :if => :devise_controller?

def set_devise_flash_messages
  if resource.errors.any?
    flash[:error] = flash[:error].to_a.concat resource.errors.full_messages
    flash[:error].uniq!
  end
end
private :set_devise_flash_messages
but it's not working either.
Any ideas?
Thanks!!!
So, I was missing something.
I had secured the 'new' action for the devise/sessions controllers, but I wasn't securing the 'create' action. So that was causing the loss of flash messages (in between the redirections of that action's protocol).
Cheers!

Password being sent in cleartext in rails 3

In my application I am using restful authentication for authenticating login. But the problem is that whenever I log in and check the logs, my password is sent in cleartext and it is easily readable. I tried many things but the issue still exists.
Any idea on how to fix this?
Found the solution.
In application.rb just add the following line, and the rest will be taken care of:
config.filter_parameters << :password
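
What that setting changes in the request log, as an added example (not code from the original answer and not Rails' own implementation): a simplified model of key-based filtering in which a symbol filter matches any parameter name containing it, at any nesting depth. The function names and the sample parameters are assumptions constructed for illustration.

```ruby
FILTERED = "[FILTERED]"

# Simplified model of key-based parameter filtering: a symbol or string
# filter matches any key that contains it (case-insensitive); nested hashes
# and arrays of hashes are walked. Returns a copy; the input is not changed,
# so the application still sees the real values.
def filter_params(params, filters)
  patterns = filters.map { |f| f.is_a?(Regexp) ? f : /#{Regexp.escape(f.to_s)}/i }
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if patterns.any? { |p| p.match?(key.to_s) }
        FILTERED
      elsif value.is_a?(Hash)
        filter_params(value, filters)
      elsif value.is_a?(Array)
        value.map { |v| v.is_a?(Hash) ? filter_params(v, filters) : v }
      else
        value
      end
  end
end

# The line that would be written to the log for one request.
def log_line(params, filters)
  "  Parameters: #{filter_params(params, filters).inspect}"
end

# Constructed sample login parameters (not from the original page).
SAMPLE_PARAMS = {
  "login"    => "alice",
  "password" => "s3cret!",
  "user"     => { "password_confirmation" => "s3cret!", "passwd_hint" => "pet name" },
  "commit"   => "Log in"
}

if __FILE__ == $PROGRAM_NAME
  puts log_line(SAMPLE_PARAMS, [])          # without the filter: secret in the log
  puts log_line(SAMPLE_PARAMS, [:password]) # with :password in filter_parameters
end
```

Keys that do not contain the filter string, such as the constructed passwd_hint above, are still logged, so each sensitive parameter name needs its own filter entry.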

How to do confirmation with devise authentication in Ruby on Rails

I am using devise in my application for authentication. When I try to register, I get the following error:
Missing host to link to! Please provide the :host parameter, set default_url_options[:host], or set :only_path to true
I am using :confirmable and had uncommented t.confirmable in the migration.
In order to use the confirmable module you need to configure ActionMailer, which is used by devise for sending confirmation emails. The first step for solving your problem is setting up the mailer host in your environment.rb or in the corresponding file for a particular environment, like this:
config.action_mailer.default_url_options = { :host => "example.com" }
For further steps have a look at this rails guide and answers to this question.

Devise and Stateless tokens in Rails

I have an API that I developed using Rails 3 and Devise. I am using tokens (token_authenticatable) for authentication of requests made to the API from a client. I want to be able to switch between users in the requests just by replacing the token.
I heard about a setting called :stateless_token (boolean) but I cannot figure out where to put this setting. Is there another way?
I found the token_authenticatable here:
https://github.com/plataformatec/devise/blob/master/lib/devise/strategies/token_authenticatable.rb
I found info about the stateless_token here:
http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable
stateless_token is deprecated as of now. This is the new form (it allows more auth strategies to be stateless):
# config/initializers/devise.rb
config.skip_session_storage = [:token_auth]
You can also edit the file /config/initializers/devise.rb and put (or uncomment, if already there) the following line:
config.stateless_token = true
It should be an option in your devise_for line in the routes file.
devise_for :users, :stateless_token => true
Let me know if that works.
In this page of documentation for devise it says that "TokenAuthenticatable adds the following options to devise_for:" with stateless token being one of them.
Also here is a link to the devise_for documentation