Late one night, I was attempting to wire up a delete button on a Rails app using XHR. However, every time I attempted to make the XHR call, I saw
AccessDenied in the server log and my session was un authenticated. Since it was late, I remapped it to a different URL and moved on.
However, the fact that this did not work still bothered me and when I revisited it after a good night's sleep, the answer was quite obvious. My Ajax setup (copied from many Rails projects ago) looked like:
I was only setting the
X-CSRF-Token on a
POST. Therefore, when the server received the
DELETE verb, it killed the session, thinking that something was afoul.
Changing that line to:
fixed the issue in the correct way.
Did you like this? Please share:
The Lost Year: A Failed Experiment to Switch Away From Mac
Fed up with the Apple Keyboard, I bought a ThinkPad, installed Linux, and promptly decided that I hated computers.
Maker's Space, Manager's Space
The Grand Remote Work Experiment: A Retrospective
The COVID-19 pandemic has lead to an unexpected experiment in remote working. What has worked and why?