Welcome to Giant Robots Smashing Into Other Giant Robots — a weblog about development, business, design and technology — written by thoughtbot.
Built-in XSS protection in Rails will confuse you
If you develop several Rails applications at once on a machine that you reach through a single hostname, with each application listening on a different port, you may run into a puzzling problem.
Your browser will hold a cookie that ties it to a session for one of the applications; when you then request the second application, you get back an empty page, and the only trace is a 403 error in that application's log, with little else to go on.
This is a little-documented built-in defense against cross site scripting, but you won't know that when you keep getting empty screens back from your otherwise correct application.
You can solve this either by deleting your cookies for that domain/host, or by deleting the session store for the applications.
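As an added illustration (not code from the original post), the Ruby script below models why this happens: the browser scopes cookies to the host name and ignores the port, so the session cookie set by the app on port 3000 is offered to the app on port 3001, which cannot verify it. The cookie names, secrets and ports are made up for the example, and the signature check is simplified to a trailing tag.

```ruby
require 'uri'

# Minimal model of a browser cookie jar: cookies are scoped to the host
# (and, in a real browser, the path), but never to the port, per RFC 6265.
class CookieJar
  def initialize
    @store = Hash.new { |h, k| h[k] = {} }  # host => { cookie name => value }
  end

  # Record a Set-Cookie header from a response for +url+; the port is ignored.
  def set(url, name, value)
    @store[URI(url).host][name] = value
  end

  # Cookies the browser would attach to a request for +url+.
  def cookies_for(url)
    @store[URI(url).host].dup
  end
end

# Each app only trusts session cookies it minted itself; a real app verifies a
# signature with its own secret, modelled here as a trailing "--secret" tag.
def session_cookie_valid?(value, secret)
  value.end_with?("--#{secret}")
end

# App A on port 3000 sets a session cookie; the browser then requests app B
# on port 3001. Returns what app B would do with the cookie it receives.
def simulate(session_key_a, session_key_b)
  jar = CookieJar.new
  jar.set('http://localhost:3000/', session_key_a, 'sessA--secretA')
  sent = jar.cookies_for('http://localhost:3001/')
  received = sent[session_key_b]
  if received.nil?
    :new_session   # no cookie under B's name: B simply starts a fresh session
  elsif session_cookie_valid?(received, 'secretB')
    :ok
  else
    :forbidden     # B rejects A's cookie: the 403 in the log and the blank page
  end
end

# Both apps using the same (default) cookie name collide; distinct names do not.
puts simulate('_session_id', '_session_id')            # => forbidden
puts simulate('_app_a_session', '_app_b_session')      # => new_session
```

The lasting fix is to give every application its own cookie name (in current Rails, `config.session_store :cookie_store, key: '_app_a_session'` in `config/initializers/session_store.rb`), so the browser never offers one app's session cookie to another.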
About this entry
You're reading an entry on GIANT ROBOTS SMASHING INTO OTHER GIANT ROBOTS, the company weblog of thoughtbot, inc.
- Author: Matt Jankowski
- Published: December 14th 06:30 PM
- Updated: September 19th 08:36 PM
- Sections: Development