[LRUG] How to *not* add an authenticity token to a form
Murray Steele
murray.steele at gmail.com
Thu Jul 23 04:33:36 PDT 2009
2009/7/23 Taryn East <teast at globalpersonals.co.uk>
> Ah sorry - you're right. I got "protect_against_forgery? mixed up with
> "protect_from_forgery" (similar names are confusing).
> great - curiosity sated ;)
>
I dug deeper and it turns out we're both right. If you're rendering a get
you never get an auth token, if you're rendering a post you'll get a auth
token depending the result of protect_against_forgery?, any other method and
you'll always get an auth token.
Sounds like someone should wrap that up into a patch as it seems
inconsistent at best.
Muz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20090723/76fdd9f8/attachment-0003.html>
More information about the Chat
mailing list