Friday, December 06, 2013

Can't verify CSRF token authenticity using rails for link and json requests

I think we are trying to do a POST request from a link. By default links aren't do POST requests, only GET requests can do it. So when we try to make the connection to our server, then Rails warns us about this CSRF.

One way is that, we can comment the protect_from_forgery line from application_controller, So Rails doesn't do this kind of verification, but this is extremely not recommended because it it will affect your another def. of controller then you need do like this way.
protect_from_forgery with: :exception, :except => [<def_name>]
I have another way to avoid this kind of behavior is that we need to use a form instead of link. So we can do proper POST requests to the server.

If you are using JSON requests then you can add this :
protect_from_forgery with: :null_session, if: { |c| c.request.format == 'application/json' }


Post a Comment