In the controller where you want to disable CSRF the check:

    skip_before_action :verify_authenticity_token

Or to disable it for everything except a few methods:

    skip_before_action :verify_authenticity_token, :except =&gt; [:update, :create]

Or to disable only specified methods:

    skip_before_action :verify_authenticity_token, :only =&gt; [:custom_auth, :update]

More info: [RoR Request Forgery Protection](http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html)

In Rails3 you can disable the csrf token in your controller for particular methods:

    protect_from_forgery :except =&gt; :create 

With Rails 4, you now have the option to write in `skip_before_action` instead of `skip_before_filter`.

    # Works in Rails 4 and 5
    skip_before_action :verify_authenticity_token
   

or 

    # Works in Rails 3 and 4 (deprecated in Rails 4 and removed in Rails 5)
    skip_before_filter :verify_authenticity_token



I am trying to mask an image with something like this:

![image to be masked][1]

  [1]: http://i.stack.imgur.com/0PeR9.png
  [2]: http://iphonedevelopertips.com/cocoa/how-to-mask-an-image.html#comment-47347

Would you please help me? 

I am using this code:

    - (void) viewDidLoad {
        UIImage *OrigImage = [UIImage imageNamed:@&quot;dogs.png&quot;];
        UIImage *mask = [UIImage imageNamed:@&quot;mask.png&quot;];
        UIImage *maskedImage = [self maskImage:OrigImage withMask:mask];
        myUIIMage.image = maskedImage;
    }

How can I mask a UIImageView?

For example, I have two lists  

     A           = [6, 7, 8, 9, 10, 11, 12]
    subset_of_A  = [6, 9, 12]; # the subset of A
    
    
    the result should be [7, 8, 10, 11]; the remaining elements 

Is there a built-in function in python to do this?

array filter in python?

I have a rails app that serves some APIs to an iPhone application.
I want to be able to simply post on a resource without minding on get the correct CSRF token.
I tried some methods that I see here in stackoverflow but it seems they no longer work on rails 3. 

Thank you for helping me.

Turn off CSRF token in rails 3

<p>I have a rails app that serves some APIs to an iPhone application.
I want to be able to simply post on a resource without minding on get the correct CSRF token.
I tried some methods that I see here in stackoverflow but it seems they no longer work on rails 3.</p>
<p>Thank you for helping me.</p>


In my routes.rb I have the following:

    resources :message_threads

When I call:

    message_threads_path(1)

I get:

    /message_threads.1

Why is this? My other resources work fine. Am I not pluralizing this correctly or something?

Path helpers generate paths with dots instead of slashes

How can I run a command five times in a row? 

For example:

    5 * send_sms_to(&quot;xxx&quot;);

How can I run a command five times using Ruby?

Build-in rake tasks work fine, but my new custom one, in Project/lib/tasks/payments.rb doesn&#39;t get loaded:

    namespace :payments  do
      desc &quot;Tally payments at the end of the month&quot;
      task :compute =&gt; :environment do
        BillingPeriod.compute_new_period
      end
    end

    $ rake payments:compute
    (in /Users/rob/Code/Apps/skyfarm)
    rake aborted!
    Don&#39;t know how to build task &#39;payments:compute&#39;

It works fine if I load the file application.rb:

    require &#39;lib/tasks/payments.rb&#39;

...but it breaks other things:

    $ rails s
    ./lib/tasks/payments.rb:1: undefined method `namespace&#39; for main:Object (NoMethodError)




Why is my custom rake task in lib/tasks not discovered in Rails 3?

I have a model A that has a &quot;has_many&quot; association to another model B.  I have a business requirement that an insert into A requires at least 1 associated record to B.  Is there a method I can call to make sure this is true, or do I need to write a custom validation? 

Rails - Validate Presence Of Association?

Right now I&#39;m using this which works for the development host, but I have to manually change the {:host =&gt; &quot;&quot;} code when I move to production.

### post.rb

    def share_all
      url =  Rails.application.routes.url_helpers.post_url(self, :host =&gt; &#39;localhost:3000&#39;)
      if user.authentications.where(:provider =&gt; &#39;twitter&#39;).any?
        user.twitter_share(url)  
      end
    end

I&#39;d like to use this and then define the default_url_options per environment:

### post.rb

    def share_all
      url =  Rails.application.routes.url_helpers.post_url(self)
      if user.authentications.where(:provider =&gt; &#39;twitter&#39;).any?
        user.twitter_share(url)  
      end
    end


I&#39;ve tried adding this to my config/environments/development.rb but I still get the &quot;Missing host to link to! Please provide :host parameter or set default_url_options[:host]&quot; error 

### development.rb

    config.action_controller.default_url_options = {:host =&gt; &quot;localhost:3000&quot;}


And I even tried it this way:

### development.rb 
    config.action_controller.default_url_options = {:host =&gt; &quot;localhost&quot;, :port =&gt; &quot;3000&quot;}



EDIT:

I&#39;ve now also followed this and still the same error guide http://edgeguides.rubyonrails.org/action_controller_overview.html#default_url_options

### application controller

    class ApplicationController &lt; ActionController::Base
      protect_from_forgery
      include ApplicationHelper
      def default_url_options
        if Rails.env.production?
          { :host =&gt; &quot;example.com&quot;}
        else
          {:host =&gt; &quot;example1.com&quot;}
        end
      end
    end

This is driving me crazy, what am I missing here???

How to set config.action_controller.default_url_options = {:host = &#39;#&#39;&#39;} on per environment basis

I am trying to add some security to the forms on my website. One of the forms uses AJAX and the other is a straightforward &quot;contact us&quot; form. I&#39;m trying to add a CSRF token. The problem I&#39;m having is that the token is only showing up in the HTML &quot;value&quot; some of the time. The rest of the time, the value is empty. Here is the code I am using on the AJAX form:

PHP:

    if (!isset($_SESSION)) {
		session_start();
	$_SESSION[&#39;formStarted&#39;] = true;
	}
	if (!isset($_SESSION[&#39;token&#39;]))
    {$token = md5(uniqid(rand(), TRUE));
	$_SESSION[&#39;token&#39;] = $token;
	
    }

HTML

     &lt;form&gt;
    //...
    &lt;input type=&quot;hidden&quot; name=&quot;token&quot; value=&quot;&lt;?php echo $token; ?&gt;&quot; /&gt;
    //...
    &lt;/form&gt;

Any suggestions?

How to properly add cross-site request forgery (CSRF) token using PHP

From what I&#39;ve learned so far, the purpose of tokens is to prevent an attacker from forging a form submission.

For example, if a website had a form that input added items to your shopping cart, and an attacker could spam your shopping cart with items you don&#39;t want.

This makes sense because there could be multiple valid inputs for the shopping cart form, all the attacker would have to do is know an item that the website is selling. 

I understand how tokens work and add security in this case, because they ensure the user has actually filled in and pressed the &quot;Submit&quot; button of the form for each item added to the cart.

However, do tokens add any security to a user login form, which requires a username and password?

Since the username and password are very unique the attacker would have to know both in order for the login forgery to work (even if you didn&#39;t have tokens setup), and if an attacker already knew that, he could just sign onto the website himself. Not to mention, a CSRF attack that makes the user log himself in wouldn&#39;t have any practical purpose anyway.

Is my understanding of CSRF attacks and tokens correct? And are they useless for user login forms as I suspect?

Do login forms need tokens against CSRF attacks?

I am sending data from view to controller with AJAXand I got this error:
&gt;WARNING: Can&#39;t verify CSRF token authenticity

I think I have to send this token with data.

Does anyone know how can I do this ?


**Edit: My solution**

I did this by putting the following code inside the AJAX post:

    headers: {
      &#39;X-Transaction&#39;: &#39;POST Example&#39;,
      &#39;X-CSRF-Token&#39;: $(&#39;meta[name=&quot;csrf-token&quot;]&#39;).attr(&#39;content&#39;)
    },



WARNING: Can&#39;t verify CSRF token authenticity rails

I have a web application built on JSF with MySQL as DB. I have already implemented the code to prevent CSRF in my application.

Now since my underlying framework is JSF, I guess I don&#39;t have to handle XSS attack as it is already handled by `UIComponent`. I am not using any JavaScript in any of the view pages. Even if I use do I really need to implement code to prevent XSS attacks?

For DB we are using prepared statements and stored procedures in all DB interactions.

Is there anything else needs to be handled for preventing these 3 common attacks?
I have already been through the [OWASP][1] site and their [cheat sheets][2].

Do I need to take care of any other potential attack vectors?
            


  [1]: http://www.owasp.org/
  [2]: https://www.owasp.org/index.php/Java_Server_Faces

CSRF, XSS and SQL Injection attack prevention in JSF

I&#39;m using backbone.js and it works great. but the forms I&#39;m creating as a javascript template lacks the rails csrf protection token. How do I add it to templates I&#39;m creating in javascript?

Content Type	Original Author	Original Content on Stackoverflow
Question	Simone D'Amico	View Question on Stackoverflow
Solution 1 - Ruby on-Rails-3	Mike Lewis	View Answer on Stackoverflow
Solution 2 - Ruby on-Rails-3	Markus Proske	View Answer on Stackoverflow
Solution 3 - Ruby on-Rails-3	thank_you	View Answer on Stackoverflow

Turn off CSRF token in rails 3

Ruby on-Rails-3 Problem Overview

Ruby on-Rails-3 Solutions

Solution 1 - Ruby on-Rails-3

Solution 2 - Ruby on-Rails-3

Solution 3 - Ruby on-Rails-3

array filter in python?

How can I mask a UIImageView?

Attributions