[LRUG] How to *not* add an authenticity token to a form
Murray Steele
murray.steele at gmail.com
Thu Jul 23 03:40:07 PDT 2009
2009/7/23 Taryn East <teast at globalpersonals.co.uk>
> Hi all,
>
> Is there no way to render a form without the authenticity token? No other
> ideas?
>
The bit that controls when an auth token are rendered is
protect_against_forgery? a helper method which relies on the class level
allow_forgery_protection variable. So on a controller level you could
probably do this:
class IDontCareAboutNoForgeryController < ApplicationController
self.allow_forgery_protection = false
end
However, I can imagine that you might want the controller to care about
forgery protection if auth tokens are provided, but in certain actions not
actually bother with rendering an auth token. I don't think you can
selectively include helpers in actions, so you might have to do some
before_filter helper fu (or just use a separate controller for rendering the
un-auth-token-generating-forms).
Muz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20090723/de7b9523/attachment-0003.html>
More information about the Chat
mailing list