[Code] Rails + JQuery + ruby-openid = BZZZZT!

Rick Wayne fewayne at wisc.edu
Wed May 30 21:07:08 UTC 2012 

Oh, God. I knew it was going to be a forehead-smacker. I'm going to have to dig deeper to be sure, but a quick test sure makes it look as if that might be the problem.

I'll post again when I know for sure, but in the meantime, THANKS! Talk about your fast turnaround time!!

rw

On May 30, 2012, at 3:52 PM, Sante Rotondi wrote:

> Have you checked for the anti cross site request forgery header in the ajax request? 
> Rails won't accept post requests without that by default
> 
> Il giorno 30/mag/2012, alle ore 21:39, Rick Wayne <fewayne at wisc.edu> ha scritto:
> 
>> Hey all,
>> 
>> Pardon if this is a FAQ, but I've been hunting around for an answer and am still baffled.
>> 
>> I have a Ruby on Rails 3.0 application which happily uses the ruby-openid gem to perform delegated authentication. Works great.
>> 
>> However, some of the views in the application use JQuery, specifically JQGrid data-driven elements. And when the user does certain things, the grid obligingly fires off a POST back to the server.
>> 
>> Which does a redirect to the OpenID provider, as if this user had not already authenticated and gotten a session running. ???
>> 
>> Furthermore, the redirect just dies at that point, the Javascript doing the post never follows the redirect and so the POST never gets to my server. It looks as if it just gives up when the auth code in my app returns the 401 that's supposed to kick off the OpenID dance.
>> 
>> Now, perhaps the easy answer is "Well, it's JQuery's problem, mate". But I can't believe that I'm the first person to ever try this kind of thing, which makes me think that it's not JQuery's problem so much as my problem, that I've missed something blindingly obvious (like unknowingly running afoul of cross-site scripting defenses).
>> 
>> If y'all could point me to the path of righteousness, that would delight the people funding my project no end. And thus, indirectly, my wife, who (trust me on this) is a very good person to keep happy.
>> 
>> TIA,
>> 
>> rw
>> 
>> UW Soil Science
>> 
>> _______________________________________________
>> Code mailing list
>> Code at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-code

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-code/attachments/20120530/15f99372/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7351 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-code/attachments/20120530/15f99372/attachment-0001.p7s>

More information about the Code mailing list