Why would people skip the verification and increase the security vulnerability of their app?

Question

0

Asked: May 30, 20262026-05-30T10:19:24+00:00 2026-05-30T10:19:24+00:00

Why would people skip the verification and increase the security vulnerability of their app?

0

Why would people skip the verification and increase the security vulnerability of their app? Is it beneficial to disable it on pages that have only GET requests? Thanks in advance.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-30T10:19:26+00:00

CRSF check is already skipped for GET request in rails

http://guides.rubyonrails.org/security.html

3.1 CSRF Countermeasures
— First, as is required by the W3C, use GET and POST appropriately. Secondly, a security token in non-GET requests will protect your application from CSRF.

You can see the method itself as well.

http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#method-i-verify_authenticity_token

 .... Also, GET requests are not protected as these should be idempotent. ....

 verified_request?()
   Returns true or false if a request is verified. Checks:
   is it a GET request? Gets should be safe and idempotent

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Why would people skip the verification and increase the security vulnerability of their app?

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply