[LRUG] How to *not* add an authenticity token to a form

Taryn East teast at globalpersonals.co.uk
Thu Jul 23 04:23:31 PDT 2009


2009/7/23 Tom Lea <lrug at tomlea.co.uk>

> How about this in your session controller (assuming restful).
>
> def protect_against_forgery?  super unless [:new, :create].include?
> params[:action]
> end
>
> (you don't need the skip_filter with this solution either)
>
> all untested. Good luck to ya!
>


again - this will stop you from verifying a token once you receive one...
what I'm curious about is how to stop it from producing the token in the
first place.
Just curious if there's any way to do that.


Taryn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20090723/c69285b2/attachment-0003.html>


More information about the Chat mailing list