#23 ✓resolved
Richard Schell

Single Access Token, request types, and :all

Reported by Richard Schell | January 4th, 2009 @ 01:35 AM

The Session config.rb docs for "single_access_allowed_request_types" states that one can pass in "String, or :all to allow single access authentication for any and all request types". However, :all does not work. The Session params.rb in valid_params? looks to see of the "single_access_allowed_request_types.include?(controller.request_content_type)" for which :all is not considered. As such, valid_params? returns false and the single access token is rejected.

Instead of passing in :all to my single_access_allowed_request_types configuration in my user_session model, I had to pass in "text/html" to get the single access token to work.

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.

People watching this ticket