The Bleeding Edge
I've spent a few evenings hunting down a particularly annoying bug in my latest rails app.
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): /vendor/rails/actionpack/lib/action_controller/ request_forgery_protection.rb:73:in `verify_authenticity_token' ...I was trying to get a script.aculo.us sortable list working, and I spent tons of time debugging with Firefox + Firebug to try and figure out why the authenticity token wasn't getting passed.
Firefox 3 includes tons of great new features and it requires a new Firebug, so every couple of days I'm getting the latest alpha release of Firebug. For some reason I was sure my rails app was broken, rather than Firebug. As a matter of fact, it turns out my rails app was working just fine and Firebug was lying to me and resubmitting the request when I tried to use it to check out the response. (score: Rails CSRF protection 1, my sanity 0)
I fixed it by either turning on Firebug's new debugging mode, or turning on its network monitoring. I can't really tell which because I can't seem to figure out which one actually solves the problem.
These nifty development tools are great, but sometimes there is no substitute for inspecting outgoing TCP packets.
Comments