Disable CSRF token on rails 3

Question

Disable CSRF token on rails 3

I have a rails application that runs apis for an iphone application. I want to be able to just post on a resource, not paying attention to getting the correct csrf token. I tried some method that I see here on stackoverflow, but it seems that they no longer work on rails 3. Thank you for helping me.

+80

ruby-on-rails-3 csrf

Simone D'Amico Apr 14 2018-11-11T00:

source share

3 answers

In Rails3, you can disable the csrf token in the controller for specific methods:

 protect_from_forgery :except => :create

+102

Markus Proske Apr 14 2018-11-11T00:

source share

With Rails 4, you now have the option to write to skip_before_action instead of skip_before_filter .

 # Works in Rails 4 and 5 skip_before_action :verify_authenticity_token

or

 # Works in Rails 3 and 4 (deprecated in Rails 4 and removed in Rails 5) skip_before_filter :verify_authenticity_token

+27

jason328 08 Sep '13 at 22:49 on

source share

Mike Lewis · Accepted Answer · 2011-04-14 20:36

In the controller where you want to disable CSRF, check:

skip_before_action :verify_authenticity_token

Or disable it for everything but a few methods:

 skip_before_action :verify_authenticity_token, :except => [:update, :create]

Or disable only the specified methods:

 skip_before_action :verify_authenticity_token, :only => [:custom_auth, :update]

Additional Information: RoR Request Forgery Protection

Disable CSRF token on rails 3

More articles: