[rt-users] Cross site request forgery?
Paul Tomblin
ptomblin at xcski.com
Sat Jun 2 16:04:21 EDT 2012

I'm trying to do a jQuery autocomplete, but using my "other" database
rather than the RT database. I created a web form in my extension's
own html/cf directory, which I can access. I also put an autocomplete
file in html/cf/AutoComplete called "People", which looks a lot like
your Helpers/Autocomplete/Users:

% $r->content_type('application/json');
<% JSON( \@suggestions ) |n %>
% $m->abort;
<%ARGS>
$field => undef
$term => undef
</%ARGS>
<%INIT>
use RTx::FooBar::Records::Peoples;
$RT::Logger->debug("called AutoComplete/People");
my $people = RTx::FooBar::Records::Peoples->new(Handle => CFHandle());
# $field and $term are request arguments: match rows where $field contains $term
$people->Limit(
    FIELD => $field,
    OPERATOR => 'LIKE',
    VALUE => '%'.$term.'%',
    ENTRYAGGREGATOR => 'AND');
my @suggestions;
# Build one label/value pair per matching record
while (my $person = $people->Next)
{
    my $suggestion = { label => $person->$field, value => $person };
    push @suggestions, $suggestion;
}
</%INIT>

I've already tested that my autohandler provides the correct CFHandle
to my database, and that RTx::FooBar::Records::Peoples returns the
correct rows when accessed like this.

But when I try to access this file as the source in my .autocomplete,
it gets a 404. I've tried it with a relative path and an absolute
path, same results.

And if I try to access the url directly, I get this RT page that says
it's a possible cross-site request forgery.

What can I do to make this work?
--
http://www.linkedin.com/in/paultomblin
http://careers.stackoverflow.com/ptomblin