Maintenance Release: 1.6.1
Hello all,
There was at least one bug running RubyAMF with Rails 2.1, and I fixed
that today, and all my reference apps (which are what passes for
tests) work, so I’m tagging that sucka as 1.6.1.
You can get that like:
script/plugin install http://rubyamf.googlecode.com/svn/tags/1.6.1/rubyamf
Or from the current tag:
script/plugin install http://rubyamf.googlecode.com/svn/tags/current/rubyamf
Now, for anyone interested, what was breaking was Rails 2.1’s forgery
protection, which stops cross site scripting attacks by placing a
security code in HTML and Ajax forms and verifying that that’s the
right code on the Rails side.
My fix was just to add the AMF mime type to the list of mime types
that aren’t checked for forgery protection, alongside XML and JSON. I
think it belongs there, because there’s no way that I know of to hook
into the Rails forgery protection.
To do the same type of thing from a Flash app would be a bit of a
different process, and I’m not quite sure what the best way to think
about that is, nor if it’s actually a problem we need to worry about
anytime soon. Any thoughts?
Upshot: RubyAMF 1.6 for Rails 2, RubyAMF 1.6.1 for Rails 2.1.
Cross posted from (http://groups.google.com/group/rubyamf)
