Access Denied Error when using XHR PUT and DELETE
Late one night, I was attempting to wire up a delete button on a Rails app using XHR. However, every time I attempted to make the XHR call, I saw AccessDenied in the server log and my session was unauthenticated. Since it was late, I remapped it to a different URL and moved on.
However, the fact that this did not work still bothered me and when I revisited it after a good night’s sleep, the answer was quite obvious. My Ajax setup (copied from many Rails projects ago) looked like:
I was only setting the X-CSRF-Token on a POST. Therefore, when the server received the DELETE verb, it killed the session, thinking that something was amiss.
Changing that line to:
fixed the issue in the correct way.
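The following is an added example, not the post's original setup code: it contrasts a POST-only token rule with one that matches what Rails verifies (every verb except GET and HEAD), and only attaches the token to same-origin URLs. All function names and the `https://app.example` origin are hypothetical; the `csrf-token` meta tag is the one emitted by Rails' `csrf_meta_tags`.

```javascript
// Added example; function names and sample values are hypothetical.
// Rails skips CSRF verification only for GET and HEAD, so every other
// verb (POST, PUT, PATCH, DELETE) must carry a valid X-CSRF-Token.
const CSRF_EXEMPT = new Set(["GET", "HEAD"]);

function needsCsrfToken(method) {
  return !CSRF_EXEMPT.has(String(method).toUpperCase());
}

// Attach the token to same-origin requests only, so it never reaches a third party.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Corrected rule: token on every state-changing, same-origin request.
function csrfHeaders(method, url, token, pageOrigin) {
  const headers = {};
  if (token && needsCsrfToken(method) && isSameOrigin(url, pageOrigin)) {
    headers["X-CSRF-Token"] = token;
  }
  return headers;
}

// The mistake described in the post: token sent on POST only,
// so DELETE and PUT arrive without it and fail verification.
function postOnlyHeaders(method, token) {
  return String(method).toUpperCase() === "POST" ? { "X-CSRF-Token": token } : {};
}

// Browser wiring: read the token from the page and open an XHR with the headers set.
function readToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute("content") : null;
}

function openXhr(method, url, doc, pageOrigin) {
  const xhr = new XMLHttpRequest();
  xhr.open(method, url);
  const headers = csrfHeaders(method, url, readToken(doc), pageOrigin);
  for (const [name, value] of Object.entries(headers)) {
    xhr.setRequestHeader(name, value);
  }
  return xhr; // caller attaches handlers and calls xhr.send()
}
```

In a page, `openXhr("DELETE", "/items/1", document, window.location.origin)` returns a request that already carries the token.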