Rails HAML Gotcha with CSRF

I’ve been doing a good bit of work with Ruby 1.9.2 and Rails 3.0 and 3.1 lately. It’s been a pretty exciting time, as I have not really delved heavily into a new language in a couple of years (I had lots of CFML work from 2009-2011).

Right now, I’m working on a site for our volunteer fire department, of which I am a member. I’ve got the front-end of the site in place and lots of the admin/CMS section done, too. However, as I started running through admin/CMS tests, I found that none of my delete/destroy calls were working. Every time I’d try to delete something, it would log me out, force me to log back in, and the delete would never have run.

I researched the issue on the Interwebs but only found references to needing the cross-site request forgery meta tag (csrf_meta_tag) in your layout’s head. However, I did have this in place … see the code block below:

Admin Head Section

```haml
%head
  %title Website Administration
  %meta{ 'http-equiv' => 'Content-Type', :content => 'text/html;', 'charset' => 'utf-8' }
  = stylesheet_link_tag "960", "reset", "text", "red", "smoothness/ui", "wysiwyg/jquery.wysiwyg", "lightbox", "admin"
  = javascript_include_tag "jquery.min", "jquery-ui-1.8.7.custom.min.js", "jquery.blend-min", "wysiwyg/jquery.wysiwyg", "jquery.lightbox", "jquery.slideto.min", "jquery_ujs", "admin"
  /[if IE 6]
    = stylesheet_link_tag "iefix"
    = javascript_include_tag "pngfix"
    %script{ :type => "text/javascript", :language => "javascript" }
      DD_belatedPNG.fix('#menu ul li a span span');
    = csrf_meta_tag
```

Notice anything screwy in that? Because I clearly did not. My csrf_meta_tag was indented one step too far, so it was nested inside the IE6 conditional comment. D'oh! That means every browser other than IE6 got a head with no csrf-param/csrf-token meta tags, jquery_ujs had no token to attach to the DELETE requests it builds from the delete links, and protect_from_forgery rejected each unverified request and reset the session (the Rails 3 default), which is exactly the forced logout.

It should have been …

```haml
%head
  %title Website Administration
  %meta{ 'http-equiv' => 'Content-Type', :content => 'text/html;', 'charset' => 'utf-8' }
  = stylesheet_link_tag "960", "reset", "text", "red", "smoothness/ui", "wysiwyg/jquery.wysiwyg", "lightbox", "admin"
  = javascript_include_tag "jquery.min", "jquery-ui-1.8.7.custom.min.js", "jquery.blend-min", "wysiwyg/jquery.wysiwyg", "jquery.lightbox", "jquery.slideto.min", "jquery_ujs", "admin"
  -# at %head level, before the conditional comment
  = csrf_meta_tag
  /[if IE 6]
    = stylesheet_link_tag "iefix"
    = javascript_include_tag "pngfix"
    %script{ :type => "text/javascript", :language => "javascript" }
      DD_belatedPNG.fix('#menu ul li a span span');
```

Or …

```haml
%head
  %title Website Administration
  %meta{ 'http-equiv' => 'Content-Type', :content => 'text/html;', 'charset' => 'utf-8' }
  = stylesheet_link_tag "960", "reset", "text", "red", "smoothness/ui", "wysiwyg/jquery.wysiwyg", "lightbox", "admin"
  = javascript_include_tag "jquery.min", "jquery-ui-1.8.7.custom.min.js", "jquery.blend-min", "wysiwyg/jquery.wysiwyg", "jquery.lightbox", "jquery.slideto.min", "jquery_ujs", "admin"
  /[if IE 6]
    = stylesheet_link_tag "iefix"
    = javascript_include_tag "pngfix"
    %script{ :type => "text/javascript", :language => "javascript" }
      DD_belatedPNG.fix('#menu ul li a span span');
  -# at %head level, after the conditional comment (outdented back under %head)
  = csrf_meta_tag
```

Long story short, be sure to check your HAML indentations and orders if something is not working as expected!
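As an added example (not from the original post), here is a plain-Ruby check that can sit in a view or integration test: given the rendered HTML of the layout, it counts the csrf-param/csrf-token meta tags that jquery_ujs reads and flags any that ended up inside a downlevel-hidden conditional comment. The two sample heads are constructed to mirror the broken and corrected HAML above, and the token value is a placeholder.

```ruby
# Added example, not from the original post: checks that the meta tags rendered by
# csrf_meta_tag are reachable by every browser, not buried in an IE conditional comment.

# A downlevel-hidden conditional comment: <!--[if IE 6]> ... <![endif]-->
CONDITIONAL_COMMENT = /<!--\[if[^\]]*\]>.*?<!\[endif\]-->/m

# The two tags Rails 3's csrf_meta_tag emits:
#   <meta name="csrf-param" content="authenticity_token"/>
#   <meta name="csrf-token" content="..."/>
CSRF_META = /<meta\s[^>]*name=["']csrf-(?:param|token)["'][^>]*>/i

# Constructed sample: what the mis-indented HAML renders to. The token is a placeholder.
BROKEN_HEAD = <<~HTML
  <head>
    <title>Website Administration</title>
    <!--[if IE 6]>
      <link href="/stylesheets/iefix.css" media="screen" rel="stylesheet" type="text/css" />
      <meta name="csrf-param" content="authenticity_token"/>
      <meta name="csrf-token" content="PLACEHOLDER_TOKEN"/>
    <![endif]-->
  </head>
HTML

# Constructed sample: the corrected layout, with the tags at <head> level.
FIXED_HEAD = <<~HTML
  <head>
    <title>Website Administration</title>
    <meta name="csrf-param" content="authenticity_token"/>
    <meta name="csrf-token" content="PLACEHOLDER_TOKEN"/>
    <!--[if IE 6]>
      <link href="/stylesheets/iefix.css" media="screen" rel="stylesheet" type="text/css" />
    <![endif]-->
  </head>
HTML

# Counts the csrf meta tags overall and how many sit inside conditional comments.
def csrf_meta_status(html)
  total  = html.scan(CSRF_META).length
  hidden = html.scan(CONDITIONAL_COMMENT).sum { |block| block.scan(CSRF_META).length }
  { total: total, inside_conditional: hidden, visible: total - hidden }
end

# True only when both tags (param and token) are outside any conditional comment.
def csrf_meta_ok?(html)
  csrf_meta_status(html)[:visible] == 2
end

puts "broken layout: #{csrf_meta_status(BROKEN_HEAD)}"
puts "fixed layout:  #{csrf_meta_status(FIXED_HEAD)}"
```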

Posted via email from self.is_a? Blog
