finished CSRF/AJAX, closes issue #21

2013-06-06 22:40:52 -04:00
parent cc38bd3f2a
commit 39d2e9d79f
2 changed files with 35 additions and 2 deletions
@@ -36,6 +36,24 @@ class TutorialsController < ApplicationController
  def csrf
    @meta_code_bad = %{<%#= csrf_meta_tags %> <!-- <~ What is this for? I hear it helps w/ JS and Sea-surfing.....whatevz -->}
    @meta_code_good = %{<%= csrf_meta_tags %> }
+    @ajax_code_good = %q{
+      ("#example_submit_button_id").click(function(event) {
+          var valuesToSubmit = $("#example_form_id").serialize();
+          event.preventDefault();
+          $.ajax(\{
+            url: "/example",
+      	  data: valuesToSubmit,
+      	  type: "POST",
+      	  success: function(response) \{
+      		  alert('success!');
+      	  },
+      	  error: function(event) \{
+      		 alert('failure!');
+      	  \}
+      	\});
+      \});
+      
+    \} }
  end
  
  def misconfig
@@ -74,13 +74,28 @@
 				
 			  <p><b> Cross-Site Request Forgery SOLUTION:</b></p>
 			  <p>
-				 By Default, the protect_from_forgery directive is added under the application_controller.rb at project creation. However, occasionally developers turn it off (comment out) because of issues with JS. The solution around the JS problem is to add the following code within the header section of the application.html.erb file (or any other application layout file).
+				 By Default, the protect_from_forgery directive is added under the application_controller.rb at project creation. However, occasionally developers turn it off (comment out) because of issues with JS. There are two separate solutions around the JS problem.
+			 </p>
+			 <p>  		
+				 Once protect_from_forgery is added back... 
+				 <li>Add the following code within the header section of the application.html.erb file (or any other application layout file).</li>
 			 </p>
 				<p>
 					<pre class="ruby">
 						<%= @meta_code_good %>
 					</pre>
 			  </p>
+			  <p>
+				That will allow you to parse the meta tag with JS. However, keep in mind that any form generated by Rails is populated with an authenticity token so, if you leverage something like JQuery to make an Ajax request, you can include all values within the form by using the technique shown next.
+			  </p>	
+			  <p>	
+				 <li>Leverage the serialize() method, shown on line 3. This grabs all the values from the form, including the authenticity token.</li>
+			 </p>
+				<p>
+					<pre class="ruby">
+						<%= @ajax_code_good %>
+					</pre>
+			  </p>
            </div>
          </div>
        </div>
@@ -94,7 +109,7 @@
          </div>
          <div class="accordion-body collapse" id="collapseFour" style="height: 0px;">
            <div class="accordion-inner">
-              Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor
+              Under progess....
            </div>
          </div>
        </div>