How do I ignore the authenticity token for specific actions in Rails?

后端未结

关注

 2  1543

When I have a specific action that I don\'t want to check the authenticity token on, how do I tell Rails to skip checking it?

相关标签:

2条回答

灰色年华

2020-12-02 07:15

In Rails4 you use skip_before_action with except or only.

class UsersController < ApplicationController
  skip_before_action :verify_authenticity_token, only: [:create]
  skip_before_action :some_custom_action, except: [:new]

  def new
    # code
  end

  def create
    # code
  end

  protected
  def some_custom_action
    # code
  end
end

0 讨论(0)

没有蜡笔的小新

2020-12-02 07:28

In Rails 4:

skip_before_action :verify_authenticity_token, except: [:create, :update, :destroy]

And Rails 3:

skip_before_filter :verify_authenticity_token

For previous versions:

For individual actions, you can do:

protect_from_forgery :only => [:update, :destroy, :create]
#or
protect_from_forgery :except => [:update, :destroy, :create]

For an entire controller, you can do:

skip_before_action :verify_authenticity_token

0 讨论(0)