Manuel Ángel Suarez Álvarez
Reputation: 47
How can i restrict protect_from_forgery with exception rails
I have a rails application that is both a regular web page and an API. I have activated the
protect_from_forgery with: :exception
in the ApplicationController and because of that I'm getting errors when doing POST request to the api (422 responses).
So I want to restrict the
protect_from_forgery with: :exception
to the regular and put
protect_from_forgery with: :null_session
to my API(Wich is under the API/v1 namespace). How can I do that?
Upvotes: 1
Views: 134
Answers (1)
dimakura
Reputation: 7655
You can put protect_from_forgery with: :null_session in respective controller, which is used for API calls.
The best way is to create a new API::BaseController controller:
class API::BaseController < ApplicationController
protect_from_forgery with: :null_session
end
and extend all other API controllers from it. This way you don't need to repeat this declaration for every controller.
Upvotes: 1
Related Questions
- Rails: How to implement protect_from_forgery in Rails API mode
- protect_from_forgery with: :exception rails 5
- Shouldn't protect_from_forgery with: :exception raise an error if I don't include an authenticity token?
- 'protect_from_forgery' in Application controller in Rails
- protect_from_forgery how to handle resulting exception
- rails protect_from_forgery raises with exception
- Rails 4 skipping protect_from_forgery for API actions
- protect_from_forgery with: :exception where?
- Rails request forgery protection settings
- Rails: How to add an exception for an external server to request via post/put for activated protection from forgery?