Ruby on Rails

I have an app that I am working on and what I did was added a set of
filters on the index page that allows me to use Ajax to filter the
result set. The filters pass through to the controller index method.
That works beautifully however I ran into a cross site scripting error
with pagination.

I added protect_from_forgery unless: -> { request.format.js? }
however my js file that renders the partial now comes back as text
instead of HTML.

Here is the line in my index.js.erb that renders the partial...

$("#training_listing").empty().html("<%= j render "listing" %>");

If I take out the protect_from_forgery and I click on the next page for
pagination it gives me the cross site scripting error. If I put it in I
get the text rendering if I click on the next page.

Scratching my head as I am not sure how to get around this.

Anyone have any insight?

I'll send along anything you might need to see. Didn't want to clutter
the message with unneeded files..

John

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/8d944cdb0be3dd606ed35accb0471881%40ruby-forum.com.
For more options, visit https://groups.google.com/d/optout.