My previous post helps to POST a form to another site. Rails (in the current version anyway!) includes a basic solution to make XSS (Cross Site Scripting) or CSRF (Cross-Site Request Forgery) harder. In the application controller, the protect_from_forgery method checks requests via a token. Of course, from the outside you're not able to provide the right token...
Turning this protection off (with care and alternative protection measures, I suggest!) on specific actions is possible. This is an example.
protect_from_forgery :except => [:process_payment]
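
One possible alternative protection measure for the exempted action, as an added example that is not code from this post or from Rails: verify an HMAC signature that the external site attaches to its POST. The shared secret, the "signature" parameter name and the canonical string format are assumptions; a real payment provider documents its own scheme.

```ruby
require "openssl"

# Hypothetical shared secret agreed with the external site (constructed value).
CALLBACK_SECRET = "constructed-demo-secret"

# Canonical string to sign: every parameter except the signature itself,
# sorted by key and joined as key=value pairs. This format is an assumption.
def canonical_payload(params)
  params.reject { |k, _| k.to_s == "signature" }
        .map { |k, v| [k.to_s, v.to_s] }
        .sort_by(&:first)
        .map { |k, v| "#{k}=#{v}" }
        .join("&")
end

# HMAC-SHA256 over the canonical string, hex encoded.
def sign_callback(params, secret = CALLBACK_SECRET)
  digest = OpenSSL::Digest.new("SHA256")
  OpenSSL::HMAC.hexdigest(digest, secret, canonical_payload(params))
end

# Constant-time comparison, so the check does not reveal how many
# leading characters of a forged signature were correct.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Call this first in the action excluded from protect_from_forgery
# (process_payment here) and reject the request when it returns false.
def valid_callback?(params, secret = CALLBACK_SECRET)
  supplied = params["signature"]
  return false unless supplied.is_a?(String) && !supplied.empty?
  secure_compare(sign_callback(params, secret), supplied)
end

# Constructed sample callback, signed the way the sender would sign it.
sample = { "order_id" => "1001", "amount" => "49.90", "status" => "paid" }
signed = sample.merge("signature" => sign_callback(sample))
puts valid_callback?(signed)                            # genuine callback
puts valid_callback?(signed.merge("amount" => "0.01"))  # tampered amount
```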