1

So this is related to another SO question (Why does destroy action trigger HTTP authentication in Production in Rails 3?) which I think is at the heart of that issue, but not sure how to do it.

Apparently my $.destroy() is not being passed the requisite CSRF token.

But I am not sure how to include it.

This is my JS:

var compv = {
    exists: true,
    tools: {
        exists: true,
        csrf_param: null,
        csrf_token: function() { },
        clientError: function() { }
    },
    comments: {
        exists: true,
        updateView: null,
        selectImage: null,
        upvote: null,
        edit: null,
        cancelEdit:null,
        downvote: null,
        showVotes: null,
        destroy: {
            success: null,
            error: null,
            dialog: 'comment-destroy-dialog'
        },
        getUploadID: function(element) {
            return $(element).parents("li").attr("data-upload-id");
        }
    },
    steps: {
        exists: true,
        selectFn: {},
        selectedClass: "selected-step",
        selectableClass: "selectable-step",
        selectedClient: {
            element: null,
            id: null,
            stepType: "client",
            ajaxSuccess: null
        },
        selectedProject: {
            element: null,
            id: null,
            stepType: "project",
            ajaxSuccess: null
        },
        selectedStage: {
            element: null,
            id: null,
            stepType: "stage",
            ajaxSuccess: null,
            getID: function() {
                return compv.steps.selectedStage.id;
            },
            displayCompare: function() {
                window.open($(this).attr('data-url'), "_blank");
            }
        },
        selectedUpload: {
            element: null,
            id: null,
            stepType: "image",
            primeUploadDisplay: null,
            ajaxSuccess: null,
            uploader: null,
            noCloseDialog: false
        }
    }
};

compv.tools.csrf_param = function(){
    return $('meta[name=csrf-param]').attr('content');
};

compv.tools.csrf_token = function(){
    return $('meta[name=csrf-token]').attr('content');
};

This is my $.destroy()

$.destroy({
    url: element.attr('data-destroy-url'),
    success: mapping.success
});

Given that I am getting the appropriate csrf meta data in the above functions, how do I then pass it to the .destroy() ?

I tried adding compv.tools.csrf_token, but the error I got is that compv is not defined. The same thing happened when I did compv.tools.csrf_token().

Thoughts ?

Community
  • 1
  • 1
marcamillion
  • 32,933
  • 55
  • 189
  • 380

2 Answers2

0

Take a look in handleMethod in the public/javascripts/rails.js that's included with Rails (or in the jQuery version here) - both will show you how Rails includes the token.

If you want to use your own custom destroy call then you need to do this stuff yourself.

smathy
  • 26,283
  • 5
  • 48
  • 68
  • I don't necessarily WANT to use my own custom destroy. I even tried using Rails delete helper method and it is still giving me the same issue. – marcamillion Apr 21 '11 at 16:29
0

Toss the results of your csrf functions into an object, and pass that object in the data attribute. At least this has worked for me in the past. 

    var data = {};
    data[compv.tools.csrf_param()] = compv.tools.csrf_token();
    $.destroy({
      url: element.attr('data-destroy-url'),
      success: mapping.success,
      data: data
    });
dogenpunk
  • 4,332
  • 1
  • 21
  • 29
  • D'oh! Do you mean you're getting an error that compv.tools is not an object? Maybe add `tools : {}` to your definition? – dogenpunk Apr 22 '11 at 00:00
  • Where the variable is passed in. So for instance, if my variable was `csrf_data`, it would be `$.destroy({ url: element.attr('data-destroy-url'), success: mapping.succes, data: csrf_data});` Right ? – marcamillion Apr 22 '11 at 00:04
  • Actually, I tried Rails' JS delete helper and it doesn't work. So I don't think the CSRF is what is throwing it for a loop. – marcamillion Apr 22 '11 at 00:06
  • Yeah, if ultimately this is calling jQuery's $.ajax method that should work. – dogenpunk Apr 22 '11 at 00:08
  • If the issue you're having is the error about compv not being defined, then yeah, the csrf token probably doesn't have anything to do with that. =) – dogenpunk Apr 22 '11 at 00:14
  • This does work...the issue is that it doesn't solve my problem...but thanks for solving this particular question :) – marcamillion Apr 23 '11 at 01:23