Reputation: 17589
Doing AJAX Post in rails without passing in the authenticity_token
So I remember that one time, when i was trying to do an AJAX post, I had to pass in the form_authenticity_token as one of the data to rails. For some reason, not doing so will generate some kind of error and I would get logged out immediately. Is there a way to still have this this authenticity token for form submission but not for ajax post? In other words, I dont want to pass in that autheniticy token in my post data.
Upvotes: 3
Views: 2042
Answers (2)
Reputation: 2081
Rather than disabling authenticity token verification, you could just pass it to javascript like so:
<%= javascript_tag "var AUTH_TOKEN = #{form_authenticity_token.inspect};" if protect_against_forgery? %>
Then just submit AUTH_TOKEN along with any AJAX posts.
Upvotes: 2
Reputation: 44952
Per the documentation
You can disable csrf protection on controller-by-controller basis:
skip_before_filter :verify_authenticity_token
Upvotes: 4
Related Questions
- Proper way to send an Authenticity Token with AJAX to Rails
- Rails post can't verify CSRF token authenticity
- Rails 3 AJAX request authenticity token ignored
- Rails How to send an Authenticity Token in an Ajax Request without a form involved?
- Send a session token via AJAX
- Rails Ajax Can't verify CSRF token Authenticity
- Rails 4 Ajax request with no authenticity token
- Do Ruby on Rails 3 Jquery AJAX POST requests need the authenticity_token?
- My jquery AJAX POST requests works without sending an Authenticity Token (Rails)
- Rails Auth Token and Ajax