<br><div class="gmail_quote">2009/7/23 Murray Steele <span dir="ltr"><<a href="mailto:murray.steele@gmail.com">murray.steele@gmail.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><br><div class="gmail_quote"><div class="im">2009/7/23 Taryn East <span dir="ltr"><<a href="mailto:teast@globalpersonals.co.uk" target="_blank">teast@globalpersonals.co.uk</a>></span><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi all,<div class="im"><br><br>Is there no way to render a form without the authenticity token? No other ideas?<br>
</div></blockquote><div><br>The bit that controls when an auth token are rendered is protect_against_forgery? a helper method which relies on the class level allow_forgery_protection variable. So on a controller level you could probably do this:<br>
<br>class IDontCareAboutNoForgeryController < ApplicationController<br> self.allow_forgery_protection = false<br>end<br><br>However, I can imagine that you might want the controller to care about forgery protection if auth tokens are provided, but in certain actions not actually bother with rendering an auth token. I don't think you can selectively include helpers in actions, so you might have to do some before_filter helper fu (or just use a separate controller for rendering the un-auth-token-generating-forms).</div>
</div></blockquote><div><br>I thought so too... but from looking into the source code "allow forgery protection" is just another way of calling the <b>verify_authenticity_token</b> filter (you can see it here:<a href="http://apidock.com/rails/ActionController/RequestForgeryProtection/ClassMethods/protect_from_forgery">http://apidock.com/rails/ActionController/RequestForgeryProtection/ClassMethods/protect_from_forgery</a>) .<br>
<br>It doesn't actually stop the token from being rendered into the form for that action (I checked).<br><br>I'm now simply curious about whether or not there is actually a way to not render the authenticity token... regardless of the actual application of said token. Is there a way of telling rails "don't render the token in this form/action" and having it actually obey... short of hacking into core?<br>
<br><br></div></div>Cheers,<br>Taryn<br>