[LRUG] How to *not* add an authenticity token to a form

Taryn East teast at globalpersonals.co.uk
Thu Jul 23 02:51:26 PDT 2009


In my mind, the signup/login forms shouldn't need to be individual to a
user, and there may be other places...
It just seems like it'd be a nice place to cache...
Taryn

2009/7/23 Matthew Rudy Jacobs <matthewrudyjacobs at gmail.com>

> What's your particular need for action caching on this particular action?
>
> Could you not fragment cache anything difficult,
> and keep the form fresh?
>
> 2009/7/23 Taryn East <teast at globalpersonals.co.uk>
>
>> Hi all,
>>
>> I'm running up against the "page/action cacheing vs forgery-protection"
>> issue described in various places eg here:
>> http://mandarinsoda.com/2008/01/29/stupid-rails-mistakes-caching-and-authenticity-tokens/
>>
>> Now - all the "solutions" that seem to be available say "turn off forgery
>> protection"... but surely that isn't the only option out there. It seems so
>> drastic (and dangerous).
>>
>> Is there no way to render a form without the authenticity token? No other
>> ideas?
>>
>> Any ideas welcome :)
>>
>> Cheers,
>> Taryn
>>
>> _______________________________________________
>> Chat mailing list
>> Chat at lists.lrug.org
>> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>>
>>
>
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20090723/79546716/attachment-0003.html>


More information about the Chat mailing list