[LRUG] How to *not* add an authenticity token to a form

Craig Webster craig at xeriom.net
Thu Jul 23 03:00:35 PDT 2009


Have you tried turning off forgery protection just for the actions
that you're not interested in protecting using `skip_before_filter
:verify_authenticity_token`?

When you say it seems like a nice place to cache, have you done any
profiling? Will this actually give you a significant boost or does it
just increase complexity?

Cheers,
Craig

On Thu, Jul 23, 2009 at 10:51, Taryn East <teast at globalpersonals.co.uk> wrote:
> In my mind, the signup/login forms shouldn't need to be individual to a
> user, and there may be other places...
> It just seems like it'd be a nice place to cache...
> Taryn
>
> 2009/7/23 Matthew Rudy Jacobs <matthewrudyjacobs at gmail.com>
>>
>> What's your particular need for action caching on this particular action?
>>
>> Could you not fragment cache anything difficult,
>> and keep the form fresh?
>>
>> 2009/7/23 Taryn East <teast at globalpersonals.co.uk>
>>>
>>> Hi all,
>>>
>>> I'm running up against the "page/action caching vs forgery-protection"
>>> issue described in various places, e.g. here:
>>> http://mandarinsoda.com/2008/01/29/stupid-rails-mistakes-caching-and-authenticity-tokens/
>>>
>>> Now - all the "solutions" that seem to be available say "turn off forgery
>>> protection"... but surely that isn't the only option out there. It seems so
>>> drastic (and dangerous).
>>>
>>> Is there no way to render a form without the authenticity token? No other
>>> ideas?
>>>
>>> Any ideas welcome :)
>>>
>>> Cheers,
>>> Taryn
>>>
>>> _______________________________________________
>>> Chat mailing list
>>> Chat at lists.lrug.org
>>> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>>>



-- 
Craig Webster   | http://barkingiguana.com/~craig
Xeriom Networks | http://xeriom.net/
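
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not Rails code: a constructed plain-Ruby model in which the first visitor's token is baked into an action-cached form. `TinyApp`, `demo` and `submitted_token` are hypothetical names, and the `skip_verify_for` option stands in for skipping the `verify_authenticity_token` filter on selected actions.

```ruby
require 'securerandom'

# Constructed model of the problem in this thread, not Rails code:
# a per-session CSRF token embedded in a form that is then action-cached.
class TinyApp
  def initialize(skip_verify_for: [])
    @cache = {}                       # action name => rendered HTML
    @skip_verify_for = skip_verify_for
  end

  # Each session gets its own random token on first use.
  def token_for(session)
    session[:csrf] ||= SecureRandom.hex(16)
  end

  # GET: render the form once, then serve the cached copy to everyone.
  def get_form(action, session)
    @cache[action] ||= %(<form action="/#{action}" method="post">) +
      %(<input type="hidden" name="authenticity_token" value="#{token_for(session)}">) +
      %(</form>)
  end

  # POST: accept only if the submitted token matches this session's token,
  # unless verification was switched off for this action.
  def post(action, session, params)
    return :accepted if @skip_verify_for.include?(action)
    params['authenticity_token'] == token_for(session) ? :accepted : :rejected
  end
end

# Pull the hidden token back out of served HTML, as a browser submit would.
def submitted_token(html)
  html[/name="authenticity_token" value="([0-9a-f]+)"/, 1]
end

def demo(skip_verify_for: [])
  app = TinyApp.new(skip_verify_for: skip_verify_for)
  alice, bob = {}, {}
  alice_html = app.get_form('login', alice)   # fills the cache
  bob_html   = app.get_form('login', bob)     # served Alice's token
  {
    alice: app.post('login', alice, 'authenticity_token' => submitted_token(alice_html)),
    bob:   app.post('login', bob,   'authenticity_token' => submitted_token(bob_html)),
    # A request carrying no token at all, such as one not built from the site's form.
    tokenless: app.post('login', bob, {})
  }
end
```

With verification on, `demo` accepts only the visitor who filled the cache; with `demo(skip_verify_for: ['login'])` every request is accepted, including the one that carries no token.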


