[LRUG] How to *not* add an authenticity token to a form

Taryn East teast at globalpersonals.co.uk
Thu Jul 23 04:26:20 PDT 2009


2009/7/23 Murray Steele <murray.steele at gmail.com>

>
> Well, I know that in my tests I have a:
>
> def protect_against_forgery?
>   false
> end
>
> so that none of my forms are rendered with auth tokens (there's some reason
> I didn't want certain tests to try and generate auth tokens, but I cant'
> remember what it is).  So I'm fairly sure that providing a
> protect_against_forgery? method that returns false gets you what you want.
> It's just a case of making that method available only to the views where you
> don't want auth tokens rendered.
>


nope - it definitely still renders the authenticity token in the forms...
what you've done just makes rails ignore it on the submit.

Cheers,
Taryn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20090723/9907e1bd/attachment-0003.html>


More information about the Chat mailing list