Override the protect_from_forgery strategy in a controller

Question

I want to build a rails app with two different protect_from_forgery strategies: one for the web application, and one for the API.

In my application controller I have thi

Answer 1

Late to the party, but something like this can be done:

class YourCustomStrategy
  def initialize(controller)
  end

  def handle_request
  end
end

And in your ApplicationController or where you want:

class ApplicationController < ActionController::Base
 protect_from_forgery with: YourCustomStrategy
end