[LRUG] How to not add an authenticity token to a form

Thu Jul 23 02:40:37 PDT 2009

Hi all,

I'm running up against the "page/action cacheing vs forgery-protection"
issue described in various places eg here:
http://mandarinsoda.com/2008/01/29/stupid-rails-mistakes-caching-and-authenticity-tokens/

Now - all the "solutions" that seem to be available say "turn off forgery
protection"... but surely that isn't the only option out there. It seems so
drastic (and dangerous).

Is there no way to render a form without the authenticity token? No other
ideas?

Any ideas welcome :)

Cheers,
Taryn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20090723/d6ebf246/attachment-0003.html>

[LRUG] How to *not* add an authenticity token to a form

[LRUG] How to not add an authenticity token to a form