[LRUG] How to *not* add an authenticity token to a form

Taryn East teast at globalpersonals.co.uk
Thu Jul 23 02:40:37 PDT 2009


Hi all,

I'm running up against the "page/action cacheing vs forgery-protection"
issue described in various places eg here:
http://mandarinsoda.com/2008/01/29/stupid-rails-mistakes-caching-and-authenticity-tokens/

Now - all the "solutions" that seem to be available say "turn off forgery
protection"... but surely that isn't the only option out there. It seems so
drastic (and dangerous).

Is there no way to render a form without the authenticity token? No other
ideas?

Any ideas welcome :)

Cheers,
Taryn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20090723/d6ebf246/attachment-0003.html>


More information about the Chat mailing list