From 39d2e9d79fb9048e2d270c7666db8856cb02dbac Mon Sep 17 00:00:00 2001
From: Ken Johnson
Date: Thu, 6 Jun 2013 22:40:52 -0400
Subject: [PATCH] finished CSRF/AJAX, closes issue #21
---
app/controllers/tutorials_controller.rb | 18 ++++++++++++++++++
.../tutorial/csrf/_csrf_first.html.erb | 19 +++++++++++++++++--
2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/app/controllers/tutorials_controller.rb b/app/controllers/tutorials_controller.rb
index 3a9b400..08cee31 100755
--- a/app/controllers/tutorials_controller.rb
+++ b/app/controllers/tutorials_controller.rb
@@ -36,6 +36,24 @@ class TutorialsController < ApplicationController
def csrf
@meta_code_bad = %{<%#= csrf_meta_tags %> }
@meta_code_good = %{<%= csrf_meta_tags %> }
+ @ajax_code_good = %q{
+ ("#example_submit_button_id").click(function(event) {
+ var valuesToSubmit = $("#example_form_id").serialize();
+ event.preventDefault();
+ $.ajax(\{
+ url: "/example",
+ data: valuesToSubmit,
+ type: "POST",
+ success: function(response) \{
+ alert('success!');
+ },
+ error: function(event) \{
+ alert('failure!');
+ \}
+ \});
+ \});
+
+ \} }
end
def misconfig
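Review bot: The JavaScript sample stored in @ajax_code_good is not valid as written, so the tutorial will show readers code that does not run: the selector on the second line is missing the jQuery object (`("#example_submit_button_id").click(` should be `$("#example_submit_button_id").click(`), and the final `\}` before the closing `}` of the %q literal is an extra closing brace, since the three escaped openings (`$.ajax(\{`, `success: … \{`, `error: … \{`) are already closed by `},`, `\}` and the two `\});` lines. Dropping that stray `\}` so the literal ends with `\});` followed by the `}` delimiter restores balance. As a point of style, `%q{…}` allows nested balanced braces without escaping, so the `\{`/`\}` pairs could be plain braces, which would also make the brace count easier to audit. The csrf method is fully inside the hunk, but the enclosing TutorialsController class continues outside it.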
diff --git a/app/views/layouts/tutorial/csrf/_csrf_first.html.erb b/app/views/layouts/tutorial/csrf/_csrf_first.html.erb
index b08e0fc..79c7213 100755
--- a/app/views/layouts/tutorial/csrf/_csrf_first.html.erb
+++ b/app/views/layouts/tutorial/csrf/_csrf_first.html.erb
@@ -74,13 +74,28 @@
Cross-Site Request Forgery SOLUTION:
- By Default, the protect_from_forgery directive is added under the application_controller.rb at project creation. However, occasionally developers turn it off (comment out) because of issues with JS. The solution around the JS problem is to add the following code within the header section of the application.html.erb file (or any other application layout file).
+ By Default, the protect_from_forgery directive is added under the application_controller.rb at project creation. However, occasionally developers turn it off (comment out) because of issues with JS. There are two separate solutions around the JS problem.
+
+
+ Once protect_from_forgery is added back...
+
Add the following code within the header section of the application.html.erb file (or any other application layout file).
<%= @meta_code_good %>
+
+ That will allow you to parse the meta tag with JS. However, keep in mind that any form generated by Rails is populated with an authenticity token so, if you leverage something like JQuery to make an Ajax request, you can include all values within the form by using the technique shown next.
+
+
+
Leverage the serialize() method, shown on line 3. This grabs all the values from the form, including the authenticity token.
+
+
+
+ <%= @ajax_code_good %>
+
+
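Review bot: The new paragraph states that "any form generated by Rails is populated with an authenticity token", which holds only for forms built with the Rails form helpers while protect_from_forgery is enabled; a hand-written `<form>` tag has no hidden authenticity_token field, so serialize() would submit nothing for the server to verify and the request would be rejected. I would qualify the sentence, e.g. `any form generated by the Rails form helpers (form_for/form_tag) is populated with an authenticity token`, and mention that hand-written forms need the token added explicitly (for example via `hidden_field_tag :authenticity_token, form_authenticity_token`) or must fall back to the meta-tag approach described above. The sentence "shown on line 3" is also fragile, since the rendered sample begins with a blank line; naming the `serialize()` call rather than a line number would survive edits to the snippet.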
@@ -94,7 +109,7 @@
- Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor
+ Under progess....