RSpec
Ruby on Rails
Ruby
method
protect_from_forgery
v3.2.1 -
Show latest stable
-
1 note -
Class: ActionController::RequestForgeryProtection::ClassMethods
- 1.0.0
- 1.1.0
- 1.1.1
- 1.1.6
- 1.2.0
- 1.2.6
- 2.0.0 (0)
- 2.0.1 (0)
- 2.0.3 (-38)
- 2.1.0 (0)
- 2.2.1 (0)
- 2.3.2 (-10)
- 2.3.8 (0)
- 3.0.0 (0)
- 3.0.5 (3)
- 3.0.7 (0)
- 3.0.9 (-1)
- 3.1.0 (0)
- 3.2.1 (0)
- 3.2.3 (0)
- 3.2.8 (0)
- 3.2.13 (0)
- What's this?
= private
= protected
protect_from_forgery(options = {})
public
Turn on request forgery protection. Bear in mind that only non-GET, HTML/JavaScript requests are checked.
Example:
class FooController < ApplicationController protect_from_forgery :except => :index
You can disable csrf protection on controller-by-controller basis:
skip_before_filter :verify_authenticity_token
It can also be disabled for specific controller actions:
skip_before_filter :verify_authenticity_token, :except => [:create]
Valid Options:
-
:only/:except - Passed to the before_filter call. Set which actions are verified.
Register or
log in
to add new notes.
hosiawak -
May 12, 2009
hosiawak -
May 12, 2009
2 thanks
form_authenticity_token
Instead of disabling the CSRF check you can pass the authenticity_token field in your forms, eg:
<%= hidden_field_tag :authenticity_token, form_authenticity_token -%>
