I have a Rails 3 Facebook canvas app. When it loads up it gives me an invalid authenticity token error and displays the signed_request
parameter that Facebook sends to my app. Is there a way to bypass the 'protect_from_forgery' for the signed_request from facebook?
Thanks!
Tim
Rails includes a built-in mechanism for preventing CSRF, protect_from_forgery, which is included by default in the application_controller.rb controller when generating new applications. This protect_from_forgery method leverages magic to ensure that your application is protected from hackers!
Briefly, Cross-Site Request Forgery (CSRF) is an attack that allows a malicious user to spoof legitimate requests to your server, masquerading as an authenticated user. Rails protects against this kind of attack by generating unique tokens and validating their authenticity with each submission.
Problem solved. I added
skip_before_filter :verify_authenticity_token, :only => [THE ACTION]
to the top of my controller.
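Skipping the CSRF check for that action is only safe if the action itself authenticates the request by checking the HMAC-SHA256 signature Facebook puts on signed_request; otherwise anyone can POST to the unprotected action. The helper below is an added example, not code from the original post or from any Facebook SDK; the module name, method names and app secret are all assumptions.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Hypothetical helper for verifying Facebook's signed_request (format: "<b64url sig>.<b64url payload>").
# In the controller you would keep skip_before_filter :verify_authenticity_token for the canvas action
# and add a before_filter that calls FacebookSignedRequest.verify and renders 403 when it returns nil.
module FacebookSignedRequest
  def self.b64url_decode(str)
    str += '=' * ((4 - str.length % 4) % 4) # Facebook omits '=' padding; restore it
    Base64.urlsafe_decode64(str)
  end

  def self.b64url_encode(bytes)
    Base64.urlsafe_encode64(bytes).delete('=')
  end

  # Byte-wise comparison that does not short-circuit, so a wrong signature leaks no timing information
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns the decoded payload Hash if the signature checks out, nil otherwise.
  def self.verify(signed_request, app_secret)
    return nil unless signed_request.is_a?(String) && signed_request.count('.') == 1
    sig_b64, payload_b64 = signed_request.split('.', 2)
    expected = OpenSSL::HMAC.digest('sha256', app_secret, payload_b64) # MAC is over the encoded payload
    return nil unless secure_equal?(b64url_decode(sig_b64), expected)
    data = JSON.parse(b64url_decode(payload_b64))
    return nil unless data.is_a?(Hash) && data['algorithm'].to_s.upcase == 'HMAC-SHA256'
    data
  rescue ArgumentError, JSON::ParserError
    nil # malformed base64 or JSON: treat as unauthenticated
  end

  # Builds a signed_request the way Facebook does; used here only to construct test input.
  def self.build(payload, app_secret)
    payload_b64 = b64url_encode(JSON.generate(payload.merge('algorithm' => 'HMAC-SHA256')))
    b64url_encode(OpenSSL::HMAC.digest('sha256', app_secret, payload_b64)) + '.' + payload_b64
  end
end
```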