[LRUG] How to *not* add an authenticity token to a form

Taryn East teast at globalpersonals.co.uk
Thu Jul 23 03:20:06 PDT 2009


2009/7/23 Matthew Rudy Jacobs <matthewrudyjacobs at gmail.com>

>
> 2009/7/23 Craig Webster <craig at xeriom.net>
>
>> Have you tried turning off forgery protection just for the actions
>> that you're not interested in protecting using `skip_before_filter
>> :verify_authenticity_token`?
>
>
> this seems to be the right thing.
>
> from the rails docs;
> ==========
> *verify_authenticity_token*()
>
> The actual before_filter that is used. Modify this to change how you handle
> unverified requests.
>
Yes - this is the solution I mentioned in my post - I know you can turn off
verification... but my question is - surely there's another way?


>  When you say it seems like a nice place to cache, have you done any
>> profiling? Will this actually give you a significant boost or does it
>> just increase complexity?
>
>
Nope - no profiling... this is idle speculation on what could-be... which is
also interesting, IMO, even if lower priority than actual pain-points.

Taryn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20090723/82e410fb/attachment-0003.html>


More information about the Chat mailing list