Turn off CSRF token in rails 3
Ruby on-Rails-3CsrfRuby on-Rails-3 Problem Overview
I have a rails app that serves some APIs to an iPhone application. I want to be able to simply post on a resource without minding on get the correct CSRF token. I tried some methods that I see here in stackoverflow but it seems they no longer work on rails 3.
Thank you for helping me.
Ruby on-Rails-3 Solutions
Solution 1 - Ruby on-Rails-3
In the controller where you want to disable CSRF the check:
skip_before_action :verify_authenticity_token
Or to disable it for everything except a few methods:
skip_before_action :verify_authenticity_token, :except => [:update, :create]
Or to disable only specified methods:
skip_before_action :verify_authenticity_token, :only => [:custom_auth, :update]
More info: RoR Request Forgery Protection
Solution 2 - Ruby on-Rails-3
In Rails3 you can disable the csrf token in your controller for particular methods:
protect_from_forgery :except => :create
Solution 3 - Ruby on-Rails-3
With Rails 4, you now have the option to write in skip_before_action
instead of skip_before_filter
.
# Works in Rails 4 and 5
skip_before_action :verify_authenticity_token
or
# Works in Rails 3 and 4 (deprecated in Rails 4 and removed in Rails 5)
skip_before_filter :verify_authenticity_token