Is Rails "protect_from_forgery" really useful?

I ask about this because I feel it makes life harder when I start talking to Rails using Ajax or Flash.

I know it's good to protect against CSRF, but can't I just check the referer or something instead?

+5
1 answer

Many users have their referrer deactivated, mostly not by choice, but because they are behind a firewall that blocks it.

Using forgery protection is the only solution to protect you from CSRF.
But you can deactivate it for any actions you want.

:

skip_before_filter :verify_authenticity_token, :only => :create

create , .

+12
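
For the Ajax case raised in the question, protect_from_forgery can stay enabled if the page's token is sent with each state-changing request. This is an added example, not code from the answer above; it assumes the layout calls `csrf_meta_tags` (which emits a `csrf-token` meta tag), and the function names are hypothetical.

```javascript
// Added example: attach the Rails authenticity token to Ajax requests.
// Assumption: the layout renders <%= csrf_meta_tags %>, producing
// <meta name="csrf-token" content="...">. Function names are hypothetical.

// Rails only verifies the token on non-GET/HEAD requests.
const UNSAFE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Read the token that csrf_meta_tags placed in the page head.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute("content") : null;
}

// The token must never be sent to another origin, or it leaks.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === pageOrigin;
}

// Return fetch() options with X-CSRF-Token added where Rails expects it.
function withCsrf(doc, pageOrigin, url, options = {}) {
  const method = (options.method || "GET").toUpperCase();
  const headers = { ...(options.headers || {}) };
  if (UNSAFE_METHODS.has(method) && isSameOrigin(url, pageOrigin)) {
    const token = readCsrfToken(doc);
    if (!token) throw new Error("csrf-token meta tag missing from page");
    headers["X-CSRF-Token"] = token;
  }
  return { ...options, method, headers };
}

// Browser usage:
//   fetch("/posts", withCsrf(document, location.origin, "/posts",
//         { method: "POST", body: formData, credentials: "same-origin" }));
```
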
