Not really an issue...XSS

[kielkowiczk]

In Rails 4.0 running with Ruby 2.0 following instruction in readme file Users will get (and I did) "handle_inverified_request" error. It's obvious not an issue, it's just request were not signed with token, never less i suggest updating readme file with "protect_from_forgery except:....." filter.
One more thing...how do You do UsernameToken Authentication using wash_out?

[inossidabile]

Funny. I had it working without except but I don't understand how. Will look into that tomorrow.

Do you mean WSSE auth? There are plenty of authentications at SOAP. Specify the requirements.

[kielkowiczk]

Well as I said, it's not and issue, that how it should work, and It does:)

I meant WS-Security Username Token [1]

Links:
[1] http://docs.oracle.com/cd/E21455_01/common/tutorials/authn_ws_user.html

2013/8/30 Boris Staal [email protected]

Funny. I had it working without except but I don't understand how. Will
look into that tomorrow.

Do you mean WSSE auth? There are plenty of authentications at SOAP.
Specify the requirements.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/107#issuecomment-23527207
.

[inossidabile]

Currently it parses that into request.env['WSSE_TOKEN']

[inossidabile]

0.8.3 released. Thanks.