Tag Archives: rails


jQuery AJAX with Rails’ authenticity token

In Ruby on Rails, authenticity tokens are generated to prevent CSRF (Cross-Site Request Forgery) attacks. The token acts as a unique “identifier” that prevents other websites from making requests on your behalf, so-called “session riding”.

To make this identifier available to your JavaScript, put <%= csrf_meta_tag %> in your view, usually in app/views/layouts/application.html.erb. This tag creates something like:

    <meta name="csrf-param" content="authenticity_token"/>
    <meta name="csrf-token" content="uDDuQj14CCJ…">

If you write your own AJAX functions, say with jQuery, you need these values for Rails to accept your request. You can read the token like this:

    var param = $('meta[name="csrf-token"]').attr('content');

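You can then send it along with your AJAX requests:

    $.post('/post', { body: $('#post_body').val(), authenticity_token: param }, function(data) {
      var ret = jQuery.parseJSON(data); // parse the JSON response body
      if (ret.status == "ok") {
        // success handling (the original snippet ends here)
      }
    });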
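
An added example, not code from the original post: Rails also accepts the token in the X-CSRF-Token request header, so it can be attached once for all jQuery requests instead of being added to every data hash. The helper names csrfHeaders and isSameOrigin are illustrative assumptions; the token is withheld from GET/HEAD requests and from any request that resolves to another origin, so it is never sent to a different site.

```javascript
// Added example: names below are illustrative, not part of jQuery or Rails.

// Rails skips the CSRF check for GET and HEAD, so those need no token.
var SAFE_METHODS = ['GET', 'HEAD'];

// True when requestUrl (absolute, relative or protocol-relative) resolves
// to the same scheme, host and port as the page that issues the request.
function isSameOrigin(requestUrl, pageUrl) {
  try {
    var target = new URL(requestUrl, pageUrl);
    return target.origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparsable URL: treat as foreign, send no token
  }
}

// Returns the extra headers for one request: the token for state-changing
// same-origin requests, an empty object otherwise.
function csrfHeaders(method, requestUrl, pageUrl, token) {
  var verb = String(method || 'GET').toUpperCase();
  if (SAFE_METHODS.indexOf(verb) !== -1) return {};
  if (!token) return {}; // csrf meta tag missing from the layout
  if (!isSameOrigin(requestUrl, pageUrl)) return {}; // keep token on-site
  return { 'X-CSRF-Token': token };
}

// Browser wiring: runs only where jQuery is loaded.
if (typeof jQuery !== 'undefined') {
  jQuery.ajaxPrefilter(function (options, originalOptions, jqXHR) {
    var token = jQuery('meta[name="csrf-token"]').attr('content');
    var headers = csrfHeaders(options.type, options.url,
                              window.location.href, token);
    jQuery.each(headers, function (name, value) {
      jqXHR.setRequestHeader(name, value);
    });
  });
}
```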


Spaces, or parentheses are important

In Rails,

    j = points.size -1

is not equal to

    j = points.size - 1

Ruby parses the first form as a call to size with -1 as its argument, not as a subtraction. Wouldn’t it be easier if parentheses were mandatory, so that we could see the difference between:

    j = points.size -1

and

    j = points.size(-1)

Google map secret backend API broken?

Hi all,

Some of you might already be aware of (and alpha testing) the Windows Mobile client for places.ae, which will allow you to find the closest restaurants, petrol stations and such (pretty much the same functionality as the BlackBerry mini site). These searches happen using triangulation of cell tower IDs on a mobile phone.

Now, in the backend, we were utilizing Google’s API for mapping these cell towers to a location, which in turn gives us the ability to locate you. This service was moved to another URL silently, which kinda slows down the Windows Mobile development. I guess too many users were using it, using non-Google programs.

If anyone is working on more or less the same, please get in contact with me. For the others, the Windows client will be delayed for a little while then.