JRuby Protecting me From Forgery
May 20th, 2008Tonight I took it upon myself to attempt to get a JRuby app to deploy on an OC4J Instance and connect to an Oracle database. Locally this was no issue however when I deployed in “production” mode up on the slice I kept getting this error:
ActionView::TemplateError (No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).) in welcome/index.html.erb:
Needless to say I was a bit befuddled and couldn’t find much on the google pipes of consequence until I stumbled up on this line in application.rb (controllers folder):
protect_from_forgery #:secret => ‘xxxxxxxxxx’
I uncommented this line and life was good. Apparently in the application server the session store cannot generate its own secret key. Oddly enough this works fine (with the line commented) on Glassfish but not on OC4J. So I am chalking it up to a server oddity for now until I have more time to research.