[ACCEPTED]-How to turn off rails protect_from_forgery filter only for json-protect-from-forgery

Accepted answer

Score: 18

You can just skip the authenticity token 1 check if its a json request

class ApplicationController < ActionController::Base
  skip_before_filter :verify_authenticity_token, if: :json_request?

  def json_request?
    request.format.json?
  end
end

Score: 6

Add the code below to your ./app/controllers/application_controller.rb:

protect_from_forgery unless: -> { request.format.json? }

0

Score: 1

Instead of disabling the CSRF check you 2 can pass the authenticity_token field in 1 your forms, eg:

<%= hidden_field_tag :authenticity_token, form_authenticity_token %>

http://apidock.com/rails/v2.0.0/ActionController/RequestForgeryProtection/ClassMethods/protect_from_forgery

Source: stackoverflow.com

More Related questions

What should I render when destroying a record?

How should I format a JSON POST request to my rails app?

Progress notifications from HTTP/REST service

Binding tab-specific data to an HTTP GET request

PATCH AJAX Request in Laravel

Posting File Input as FileReader Binary Data through AJAX Post

React fetch, “credentials: include”, breaks my entire request and I get an error

Get data from rest service using D3

What are the relative merits of CSV, JSON and XML for a REST API?

REST vs. RPC in PHP

Cookie Warning

We use cookies to improve the performance of the site. By staying on our site, you agree to the terms of use of cookies.