diveintohacking
Reputation: 5183
WARNING: Can't verify CSRF token authenticity in case of API development
I am right now developing web APIs with Ruby on Rails. When the Rails app receives POST request without any csrf token, the following error message shall happen. Because the app has no views.
WARNING: Can't verify CSRF token authenticity
So my question is how can I escape csrf token check safely in this case?
Thank you very much in advance.
Upvotes: 49
Views: 54539
Answers (2)
Bryan Dimas
Reputation: 1452
For rails 4 it should be
skip_before_action :verify_authenticity_token, only: [:one_or_two_actions_here]
Note that you should avoid skipping verify_authenticity_token on all actions of your controller, instead use the option only to skip only where you have to. See the docs
Upvotes: 20
Kush Kella
Reputation: 1213
You can do this by adding
skip_before_filter :verify_authenticity_token
to your controller. This way all incoming requests to the controller skips the :verify_authenticity_token filter.
Upvotes: 66
Related Questions
- Can't verify CSRF token authenticity! RAILS API with POST
- WARNING: Can't verify CSRF token authenticity rails
- Can't verify CSRF token authenticity Rails 4.1
- Rails 3.2.15 "Can't verify CSRF token authenticity" although token exists
- API/JSON: Can't verify CSRF token authenticity
- How to make sure Rails API is secured from CSRF?
- Rails 4 Can't verify CSRF token authenticity
- How to generate csrf token for API?
- Rails 3 : Can't verify CSRF token authenticity
- Rails - WARNING: Can't verify CSRF token authenticity