[LRUG] How to *not* add an authenticity token to a form

Max Williams toastkid.williams at gmail.com
Thu Jul 23 04:27:11 PDT 2009


Well, you could always rip the form html from the page source and replace
the rails template form with it, removing the token in the process.  hello
lruggers btw.

2009/7/23 Taryn East <teast at globalpersonals.co.uk>

>
>
> 2009/7/23 Tom Lea <lrug at tomlea.co.uk>
>
>> How about this in your session controller (assuming restful).
>>
>> def protect_against_forgery?  super unless [:new, :create].include?
>> params[:action]
>> end
>>
>> (you don't need the skip_filter with this solution either)
>>
>> all untested. Good luck to ya!
>>
>
>
> again - this will stop you from verifying a token once you receive one...
> what I'm curious about is how to stop it from producing the token in the
> first place.
> Just curious if there's any way to do that.
>
>
> Taryn
>
>
>
>
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20090723/e14afea8/attachment.html>


More information about the Chat mailing list