<br><br><div class="gmail_quote">2009/7/23 Murray Steele <span dir="ltr"><<a href="mailto:murray.steele@gmail.com">murray.steele@gmail.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="gmail_quote"><div><br>Well, I know that in my tests I have a:<br><br>def protect_against_forgery?<br> false<br>end<br><br>so that none of my forms are rendered with auth tokens (there's some reason I didn't want certain tests to try and generate auth tokens, but I cant' remember what it is). So I'm fairly sure that providing a protect_against_forgery? method that returns false gets you what you want. It's just a case of making that method available only to the views where you don't want auth tokens rendered.</div>
</div></blockquote><div><br><br>nope - it definitely still renders the authenticity token in the forms... what you've done just makes rails ignore it on the submit.<br><br>Cheers,<br>Taryn<br> </div></div><br>