<br><br><div class="gmail_quote">2009/7/23 Craig Webster <span dir="ltr"><<a href="mailto:craig@xeriom.net">craig@xeriom.net</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Have you tried turning off forgery protection just for the actions<br>
that you're not interested in protecting using `skip_before_filter<br>
:verify_authenticity_token`?</blockquote><div><br>this seems to be the right thing.<br><br>from the rails docs;<br>==========<br><b>verify_authenticity_token</b>()
<div class="description">
<p>
The actual before_filter that is used. Modify this to change how you handle
unverified requests.
</p>
</div> ==========</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<br>
When you say it seems like a nice place to cache, have you done any<br>
profiling? Will this actually give you a significant boost or does it<br>
just increase complexity?<br>
<br>
Cheers,<br>
Craig<br>
<div><div></div><div class="h5"><br>
On Thu, Jul 23, 2009 at 10:51, Taryn East<<a href="mailto:teast@globalpersonals.co.uk">teast@globalpersonals.co.uk</a>> wrote:<br>
> In my mind, the signup/login forms shouldn't need to be individual to a<br>
> user, and there may be other places...<br>
> It just seems like it'd be a nice place to cache...<br>
> Taryn<br>
><br>
> 2009/7/23 Matthew Rudy Jacobs <<a href="mailto:matthewrudyjacobs@gmail.com">matthewrudyjacobs@gmail.com</a>><br>
>><br>
>> What's your particular need for action caching on this particular action?<br>
>><br>
>> Could you not fragment cache anything difficult,<br>
>> and keep the form fresh?<br>
>><br>
>> 2009/7/23 Taryn East <<a href="mailto:teast@globalpersonals.co.uk">teast@globalpersonals.co.uk</a>><br>
>>><br>
>>> Hi all,<br>
>>><br>
>>> I'm running up against the "page/action cacheing vs forgery-protection"<br>
>>> issue described in various places eg here:<br>
>>> <a href="http://mandarinsoda.com/2008/01/29/stupid-rails-mistakes-caching-and-authenticity-tokens/" target="_blank">http://mandarinsoda.com/2008/01/29/stupid-rails-mistakes-caching-and-authenticity-tokens/</a><br>
>>><br>
>>> Now - all the "solutions" that seem to be available say "turn off forgery<br>
>>> protection"... but surely that isn't the only option out there. It seems so<br>
>>> drastic (and dangerous).<br>
>>><br>
>>> Is there no way to render a form without the authenticity token? No other<br>
>>> ideas?<br>
>>><br>
>>> Any ideas welcome :)<br>
>>><br>
>>> Cheers,<br>
>>> Taryn<br>
>>><br>
>>> _______________________________________________<br>
>>> Chat mailing list<br>
>>> <a href="mailto:Chat@lists.lrug.org">Chat@lists.lrug.org</a><br>
>>> <a href="http://lists.lrug.org/listinfo.cgi/chat-lrug.org" target="_blank">http://lists.lrug.org/listinfo.cgi/chat-lrug.org</a><br>
>>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> Chat mailing list<br>
>> <a href="mailto:Chat@lists.lrug.org">Chat@lists.lrug.org</a><br>
>> <a href="http://lists.lrug.org/listinfo.cgi/chat-lrug.org" target="_blank">http://lists.lrug.org/listinfo.cgi/chat-lrug.org</a><br>
>><br>
><br>
><br>
> _______________________________________________<br>
> Chat mailing list<br>
> <a href="mailto:Chat@lists.lrug.org">Chat@lists.lrug.org</a><br>
> <a href="http://lists.lrug.org/listinfo.cgi/chat-lrug.org" target="_blank">http://lists.lrug.org/listinfo.cgi/chat-lrug.org</a><br>
><br>
><br>
<br>
<br>
<br>
</div></div><font color="#888888">--<br>
Craig Webster | <a href="http://barkingiguana.com/%7Ecraig" target="_blank">http://barkingiguana.com/~craig</a><br>
Xeriom Networks | <a href="http://xeriom.net/" target="_blank">http://xeriom.net/</a><br>
</font><div><div></div><div class="h5">_______________________________________________<br>
Chat mailing list<br>
<a href="mailto:Chat@lists.lrug.org">Chat@lists.lrug.org</a><br>
<a href="http://lists.lrug.org/listinfo.cgi/chat-lrug.org" target="_blank">http://lists.lrug.org/listinfo.cgi/chat-lrug.org</a><br>
</div></div></blockquote></div><br>