制定会议立即.js文件调用过期[AJAX] [英] Devise session immediately expiring on .js call [AJAX]
问题描述
经过多次反复试验,我已经缩小的问题,向下跌破5号线。出于某种原因,.js文件响应结束用户会话。使用3.0.4和1.1.7设计(和jQuery 1.5)。
此外,@organization正在更新,已完成200 OK节目在日志中,这样用户就不会知道他/她被注销,直到下一个动作尝试。
任何帮助和指导,大大AP preciated。
*控制器*
1高清make_featured
2 @organization = Organization.find(PARAMS [:ID])
3 @ organization.is_featured? @ organization.update_attribute(:is_featured,假):@ organization.update_attribute(:is_featured,真)
4的respond_to做|格式|
5 format.js {渲染:行动=> 更新,:布局=>假}
6月底
7月底
和
* update.js.haml *
$(#ORGANIZATION_+#{@organization.id}).replaceWith(#{escape_javascript(渲染:部分=>用户/ supplier_view',:当地人=> {:组织=> @organization })});
非常感谢布兰登·马丁的设计谷歌集团指着我的诠释,他朝着正确的方向......
这是一个Rails 3.0.4安全修补程序的结果。
的http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
在一个小时左右,从这篇博客的工作着,这里有其他人一些提示...
- 在此问题已修复在rails.js - 所以你不用砍,打补丁,或者推倒重来
- 如果您正在使用rails.js开箱,更新 -
耙导轨:更新
(我想,但我使用自定义的rails.js文件) - 如果您使用的是自定义的rails.js文件,去获得源$ C $ C到最新的版本在这里:的 https://github.com/fermion/jquery-ujs/blob/master/src/rails.js
- 将上面的
csrf_meta_tag
帮助您的javascript_include_tag
取值
希望帮助!
Through much trial and error, I have narrowed the problem down to line 5 below. For some reason, the .js response is ending the user session. Using 3.0.4 and devise 1.1.7 (and jQuery 1.5).
Additionally, @organization is being updated and Completed 200 OK shows in the log, so the user does no know he/she is logged out until the next action is attempted.
Any help and guidance is greatly appreciated.
*Controller*
1 def make_featured
2 @organization = Organization.find(params[:id])
3 @organization.is_featured ? @organization.update_attribute(:is_featured,"false") : @organization.update_attribute(:is_featured,"true")
4 respond_to do |format|
5 format.js {render :action => "update", :layout => false}
6 end
7 end
and
*update.js.haml*
$("#organization_" + "#{@organization.id}" ).replaceWith("#{ escape_javascript(render :partial => 'users/supplier_view', :locals => {:organization => @organization}) }");
Many thanks to Brandon Martin from the Devise Google Group for pointing me int he right direction...
This is a result of a Rails 3.0.4 security fix.
http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
After an hour or so of working forward from this blog post, here are some tips for others...
- This has been fixed in rails.js - so you don't have to hack, patch, or reinvent the wheel.
- If you are using rails.js out of the box, update it -
rake rails:update
(I think, but I use a customized rails.js file) - If you are using a custom rails.js file, go get the source code to the newest version here: https://github.com/fermion/jquery-ujs/blob/master/src/rails.js
- place your
csrf_meta_tag
helper above yourjavascript_include_tag
s
Hope that helps!
这篇关于制定会议立即.js文件调用过期[AJAX]的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!