I have a form for editing content (Rails 3.2.19)... I'm (accidentally) caching the entire form, including the CSRF token. I have confirmed that with 2 different users logged in, the CSRF is the same (caching), but both users are still able to pass CSRF protections, using a single (unintentionally shared) CSRF token... were there any security errors in Rails allowing multiple users to share CSRF tokens?
I have a little admin menu in the middle of a bunch of content I want to cache with fragment caching... is there a way to exclude a piece of HTML from the cache and have Rails populate it dynamically... so cache the HTML around a small dynamic div, and have ERB know to still render the little div, but pull from the cache instead of rendering the surrounding content?
Is there a way UJS (remote: true) can handle field-specific server-side validation errors? I'm accustomed to using simple_form's f.error to render field-specific errors inline, it seems like UJS would have something similar if you return @object.errors as JSON...
sevenseacat, cool, yeah. I found https://github.com/DavyJonesLocker/client_side_validations but it's just a tad heavy it seems like, at least for this quick thing I'm trying to do now. I was hoping UJS was more integrated with form_for
can somebody take a look at my routes.rb... I'm getting an infinite loop redirect, but my *_path function is returning a correct value which does not redirect... https://gist.github.com/aguynamedben/8e07335cf1c76562d3a5
Sigma00 hmm, thanks for looking, I updated it... I'm creating a @talent_candidate, then calling redirect_to talent_candidate_path(@talent_candidate). The print works and prints the correct path, but it appears the redirect_to is redirecting to the same URL the current request is coming in on... hence the redirect loop
Sigma00 done. I put those log statements in, but they are never getting hit during the redirect loop, so to me it looks like redirect_to is somehow looping back on the same path, even though it's printing the correct path in the log message
Sigma00 yes, basically I think... accept_talent_candidate_introduction_request_url(@talent_candidate)... for testing I am just trying to visit /talent_candidates/245/introduction_request/accept. It's getting routed correctly but the redirect is where it breaks
I used to have 2 identical functions, accept and deny... in the controller... I tried to make them one function to clean it up... hence the responded function with the 2 routes pointing to it passing the response_type parameter... I'm puzzled at how the redirect is happening and I suspect something weird with the routes.rb magic
Sigma00 yep... I forgot to copy the last end, but there are 3 ends in a row to close out the action/function for the controller
I'm newish to Rails so I'm very curious if it's some kind of assumption in the resources/resource functionality of routes.rb... when I had this function separated into 2 functions the redirect worked as expected
I don't know if having 2 get endpoints pointing to the same action is bad practice or something... I'm passing the variable to differentiate if the response is an accept or a deny
I mean, I can just undo it... and leave it... but Code Climate takes the controller from an A to an F if I do that, lol
haha, okay Sigma00, thanks for thinking about it... as a workaround I'm going to not pass the param in routes.rb... make a single "respond" endpoint, and pass the response_type when generating the URL and see if a single endpoint works