I have a Rails app that serves some APIs to an iPhone application. I want to be able to simply post to a resource without worrying about getting the correct CSRF token. I tried some methods that I saw here on Stack Overflow, but it seems they no longer work on Rails 3.
Thank you for helping me.
In the controller where you want to disable the CSRF check:
skip_before_action :verify_authenticity_token
Or to disable it for everything except a few methods:
skip_before_action :verify_authenticity_token, :except => [:update, :create]
Or to disable only specified methods:
skip_before_action :verify_authenticity_token, :only => [:custom_auth, :update]
More info: RoR Request Forgery Protection
In Rails 3 you can disable the CSRF token in your controller for particular methods:
protect_from_forgery :except => :create
With Rails 4, you now have the option to write in skip_before_action instead of skip_before_filter.
# Works in Rails 4 and 5
skip_before_action :verify_authenticity_token
or
# Works in Rails 3 and 4 (deprecated in Rails 4 and removed in Rails 5)
skip_before_filter :verify_authenticity_token
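An added example, not from any of the answers above: a plain-Ruby predicate that limits the skip to requests a native client authenticates with a bearer token, so browser requests carrying the session cookie keep the CSRF check. The cookie name, the sample token and the method names are assumptions made for illustration.

```ruby
require "digest"

# Hypothetical session cookie name; a Rails app's real name depends on its config.
SESSION_COOKIE = "_myapp_session"

# Constructed sample: only SHA-256 digests of issued API tokens are stored.
API_TOKEN_DIGESTS = [Digest::SHA256.hexdigest("constructed-sample-token")].freeze

# Compare two equal-length strings without returning early on the first mismatch.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Extract the token from "Authorization: Bearer <token>", or nil if malformed.
def bearer_token(headers)
  match = headers["Authorization"].to_s.match(/\ABearer ([A-Za-z0-9\-._~+\/]+=*)\z/)
  match && match[1]
end

# True when the presented token matches one of the stored digests.
def valid_api_token?(headers)
  token = bearer_token(headers)
  return false unless token
  digest = Digest::SHA256.hexdigest(token)
  API_TOKEN_DIGESTS.any? { |known| secure_equal?(known, digest) }
end

# Skip the CSRF check only for token-authenticated requests that do not carry
# the browser session cookie (a conservative choice: cookie requests stay protected).
def skip_csrf_check?(headers, cookies)
  return false if cookies.key?(SESSION_COOKIE)
  valid_api_token?(headers)
end

# Assumed wiring in a controller (not run here):
#   skip_before_action :verify_authenticity_token,
#                      if: -> { skip_csrf_check?(request.headers, cookies) }
```

Actions reached this way should identify the user from the token, not from the session.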