[LRUG] How to *not* add an authenticity token to a form
Matthew Rudy Jacobs
matthewrudyjacobs at gmail.com
Thu Jul 23 02:48:16 PDT 2009
What's your particular need for action caching on this particular action?
Could you not fragment cache anything difficult,
and keep the form fresh?
2009/7/23 Taryn East <teast at globalpersonals.co.uk>
> Hi all,
>
> I'm running up against the "page/action cacheing vs forgery-protection"
> issue described in various places eg here:
> http://mandarinsoda.com/2008/01/29/stupid-rails-mistakes-caching-and-authenticity-tokens/
>
> Now - all the "solutions" that seem to be available say "turn off forgery
> protection"... but surely that isn't the only option out there. It seems so
> drastic (and dangerous).
>
> Is there no way to render a form without the authenticity token? No other
> ideas?
>
> Any ideas welcome :)
>
> Cheers,
> Taryn
>
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20090723/6a68d83d/attachment.html>
More information about the Chat
mailing list