How to get around the protect_from_forgery protection in Rails 3 for a Facebook canvas application?

I have a Rails 3 Facebook canvas app. When it loads, it gives me an invalid authentication token error and displays the signed_request parameter that Facebook sends to my application. Is there a way around the "protect_from_forgery" for signed_request from Facebook?

Thanks!

Tim

+6
ruby-on-rails facebook ruby-on-rails-3 csrf
2 answers

The problem is resolved. I added

skip_before_filter :verify_authenticity_token, :only => [THE ACTION]

at the top of my controller.

+29

You can also just remove protect_from_forgery from the application controller if you only use the application as a canvas application.

0
