I’m asking this because I feel that it’s making my life overly complicated when I start communicating with rails using ajax or flash.
I know it’s nice to protect against CSRF, but couldn’t I just check the referer or something instead?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m asking this because I feel that it’s making my life overly complicated when I start communicating with rails using ajax or flash.
I know it’s nice to protect against CSRF, but couldn’t I just check the referer or something instead?
Many users deactivate their referer, mostly not by choice.
But because they’re behind a firewall that’s blocking it.
Using protect from forgery is the only solution to protect you against CSRF.
But you can deactivate for any action you wish.
In your controller, you add :
This will deactive the token verification for the create action in the controller where you’ve added the filter.