
The CSRF protection built into Rails 2 presented an issue when trying to make POST requests from anything other than a standard form. Rather than exclude numerous actions from protect_from_forgery, I made use of this snippet I noticed at http://madhatted.com (although slightly changed since ‘const’ isn’t supported by IE):
<%= javascript_tag "var AUTH_TOKEN = #{form_authenticity_token.inspect};" if protect_against_forgery? -%>
While this is probably most useful for heavily JavaScript/AJAX reliant applications, a simple use-case for this is creating a POST request from an anchor tag without using the messy ‘:method => :post’.
In your RHTML:
<%= link_to 'Vote For This!', vote_for_article_path(@article), :class => 'method-post' -%>
In your JS:
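var anchorMethodPost = Behavior.create({
  onclick: function() {
    // Build a hidden form that POSTs to the link's href
    var f = document.createElement('form');
    f.style.display = 'none';
    this.element.parentNode.appendChild(f);
    f.method = 'POST';
    f.action = this.element.href;
    // AUTH_TOKEN is only emitted when protect_against_forgery? is true,
    // so test with typeof to avoid a ReferenceError when it is absent
    if (typeof AUTH_TOKEN !== 'undefined' && AUTH_TOKEN) {
      var s = document.createElement('input');
      s.setAttribute('type', 'hidden');
      s.setAttribute('name', 'authenticity_token');
      s.setAttribute('value', AUTH_TOKEN);
      f.appendChild(s);
    }
    f.submit();
    return false; // cancel the anchor's default GET navigation
  }
});
// Attach the behaviour to every anchor with the class "method-post"
Event.addBehavior({ 'a.method-post' : anchorMethodPost });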
Note: the above example uses Dan Webb’s lowpro.
The code is shifted from the inline onclick attribute to your JavaScript file, but now it’s reusable and cached. Pretty simple, but a lot cleaner.
If one were being genuinely unobtrusive, however, it would probably be best to start off with a full form and submit tag, and then switch that to an anchor tag through JavaScript… if POSTable anchor tags are really that necessary, that is…
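For the AJAX case mentioned above, the same token has to go into the request body by hand. The following is an added example, not code from the original post or from Rails: it builds a URL-encoded POST body and attaches the token only when the target is on the page's own origin, since the link's href decides where the token is sent. The helper names, the sample URL and the sample token are assumptions made for illustration.

```javascript
// Added example; AUTH_TOKEN in the post plays the role of `token` here.
// isSameOrigin and buildPostBody are hypothetical helper names.

// True only when `href` resolves to the same scheme, host and port as the page.
function isSameOrigin(href, pageUrl) {
  try {
    return new URL(href, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparsable target: treat it as foreign
  }
}

// Build the body for an AJAX (or hidden-form) POST. The token is attached
// only for same-origin targets, so a link pointing off-site never carries
// the session's authenticity token to another server.
function buildPostBody(href, pageUrl, token, params) {
  var pairs = [];
  Object.keys(params || {}).forEach(function (k) {
    if (k === 'authenticity_token') return; // caller data must not override it
    pairs.push(encodeURIComponent(k) + '=' + encodeURIComponent(params[k]));
  });
  if (token && isSameOrigin(href, pageUrl)) {
    // Encode the token: a base64 value can contain '+', which an
    // unencoded form body would deliver to the server as a space.
    pairs.push('authenticity_token=' + encodeURIComponent(token));
  }
  return pairs.join('&');
}

// Constructed sample values
var PAGE = 'https://app.example.test/articles/7';
var TOKEN = 'q1+Zx/9aB3k=';
```

The resulting string can be passed as the body of a Prototype Ajax.Request or any other POST helper.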
Tags: ajax, authenticity token, javascript, lowpro, ruby on rails, unobtrusive

Over at bragster.com we’re hard at work on a site-wide upgrade in which web video is going to play a big part. In preparation, I’ve been prototyping a number of flash widgets including a carousel [see it in action]. Carousels are a great way to provide a list of rich media links in a small area of a page and technologies like flash/actionscript or javascript provide the opportunity to implement some creative interactivity.
Feedback has been positive but admittedly this implementation is far from ideal. Were I to ‘productionize’ this prototype I would need to optimize some of the effects for lower-spec computers (the blurred scrolling effect is particularly sluggish). The cursor-based navigation would also need fine tuning; my friend Andy suggested modeling the velocity control on a bell-curve.
Annoyingly, I ran into problems when creating the reflection effect in that I couldn’t redraw/duplicate the thumbnail file with the BitmapData class. As a consequence the carousel currently loads each thumbnail twice. This morning I found a solution at developer Ryan Taylor’s blog, using the checkPolicyFile property on movieClipLoader.
No doubt I’ll post another update should this prototype ever make it into a production environment.
Tags: actionscript, flash, FLVPlayer, video carousel, XPathAPI

Each week I’ll find something from my pre-work days to post; even the bad stuff :P. Here’s something from when I was dabbling with 3D Studio Max. The model is based on a bicycle I saw during a trip to Venice in 2006. A lot of time was spent fiddling with the lighting, although on reflection I might have been better off improving some of the textures too. I can’t seem to remember exactly what I was doing with those bright-blue handle bar grips. Full-size here.
Tags: 3d studio max, bicycle, mental ray, venice
Let’s kick things off with some good old fashioned whining. Here are a few areas where I think the iPod Touch (as of v1.1.4) could be smarter.

‘On-The-Go’ Playlist Management on the go.
Other generations of the iPod allow users to hold down the center button when selecting a song. This automatically adds it to the ‘On-The-Go’ playlist. It isn’t amazing; but it is useful.
No such luck on the iPod Touch. I have tried double clicking, triple swooping, angrily shaking¹. The only way to append a playlist is to leave the current song selection, enter the playlist tab and search through the entire collection. Quite inconvenient. There should at least be a shortcut to ‘Now Playing’ once in the playlist edit mode.
Song Rating filter.
Fairly self explanatory. Where is the ‘Top Rated’ filter? Why allow the user to rate each track on the fly if he or she cannot filter their collection with this information? (Let me know if I’m missing something here.) Sure, one could create a ‘Smart Playlist’ in iTunes; but it’s not really the same as being able to do it on the go.
The Safari back button.
Apparently Safari on the iPod Touch does cache content; unfortunately you may not notice. A page appears to take the same amount of time to load regardless of whether or not the user accesses it through the back button.
Perhaps the real issue is with page rendering on the device. Even so, pressing the back button should successfully load the previous page even if an active internet connection has been lost.
At least the Weather App data (an application for which I had to pay) is now cached.
There you have it, my first ever blog post.
¹ Here’s one for those geo-hashing Fire Eagle folk: there should be an iPhone app, using the accelerometer, that detects when the user shakes their device with furious anger and rage. It could then present a Google map of the location of the nearest Apple representative; or if need be other angry users nearby. Not that it would be needed that often, of course.
Tags: Apple, iPhone, iPod Touch, iTunes