
Rails 3.2 - Disable CSRF Protection for controller action

I have a controller named ProductsController, and I've created an action named set_status for the purpose of PUT API calls from a .NET client application. I have gotten everything set up correctly, but after sending a request, I receive a "Can't verify CSRF token authenticity" error. I have the following in my Application controller for CSRF protection:

protect_from_forgery

In order to bypass the CSRF protection, I've added the following to my Products controller:

skip_before_filter :set_status

After testing with this change, I still get the same error message. Based on my understanding, the above line of code should disable CSRF protection for the set_status action in the Products controller, but it does not seem to be working.

Does anyone have any insight on why this might not be working? Thank you very much in advance!

Alexander asked Apr 29 '14 19:04


1 Answer

I figured it out! Here's my code:

skip_before_filter :verify_authenticity_token, only: :set_status

I forgot that the protect_from_forgery statement creates methods of its own. One of those methods is verify_authenticity_token, and so it was much more straightforward than I thought. I was stuck before because I didn't have a verify_authenticity_token method, but I actually did because it's generated automatically.

For Rails 4+

skip_before_action :verify_authenticity_token, only: :set_status

Alexander answered Sep 22 '22 03:09
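
The point of the answer above, as an added example that is not part of the original post and is not Rails source: a simplified pure-Ruby model of a before-filter chain, showing why skipping `:set_status` (an action name) leaves `verify_authenticity_token` in place, while skipping the filter by name with `only:` removes it for that one action. `MiniController`, `filters_for`, the `ProductsAttempt`/`ProductsFixed` class names and the `authenticate_api_client` filter are hypothetical; the last stands in for whatever credential check the API client uses once the CSRF check no longer runs for that action.

```ruby
# Simplified model of a controller's before-filter chain (not Rails source).
class MiniController
  def self.filters; @filters ||= []; end

  def self.inherited(sub)
    super
    sub.instance_variable_set(:@filters, filters.map(&:dup)) # copy parent's chain
  end

  def self.before_filter(name, only: nil)
    filters << { name: name, only: only && Array(only), except: [], skipped: false }
  end

  # Per the answer: protect_from_forgery registers verify_authenticity_token.
  def self.protect_from_forgery
    before_filter :verify_authenticity_token
  end

  # Matches by filter name; a name that is not in the chain changes nothing.
  def self.skip_before_filter(name, only: nil)
    filters.each do |f|
      next unless f[:name] == name
      if only
        f[:except] |= Array(only)
      else
        f[:skipped] = true
      end
    end
  end

  # Names of the filters that would run before the given action.
  def self.filters_for(action)
    active = filters.reject { |f| f[:skipped] || f[:except].include?(action) }
    active.select { |f| f[:only].nil? || f[:only].include?(action) }.map { |f| f[:name] }
  end
end

class ApplicationController < MiniController
  protect_from_forgery
end

class ProductsAttempt < ApplicationController   # the question's line
  skip_before_filter :set_status
end

class ProductsFixed < ApplicationController     # the answer's line
  skip_before_filter :verify_authenticity_token, only: :set_status
  before_filter :authenticate_api_client, only: :set_status # hypothetical check
end
```

`ProductsFixed.filters_for(:update)` still returns the CSRF filter, which is what `only: :set_status` is for: every other action in the controller stays protected.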