protect-from-forgery

Rails CSRF Protection + Angular.js: protect_from_forgery makes me to log out on POST

阅读更多关于 Rails CSRF Protection + Angular.js: protect_from_forgery makes me to log out on POST

If the protect_from_forgery option is mentioned in application_controller, then I can log in and perform any GET requests, but on very first POST request Rails resets the session, which logs me out. I turned the protect_from_forgery option off temporarily, but would like to use it with Angular.js. Is there some way to do that? HungYuHei I think reading CSRF-value from DOM is not a good solution, it's just a workaround. Here is a document form angularJS official website http://docs.angularjs.org/api/ng.$http : Since only JavaScript that runs on your domain could read the cookie, your server can

Rails CSRF Protection + Angular.js: protect_from_forgery makes me to log out on POST

阅读更多关于 Rails CSRF Protection + Angular.js: protect_from_forgery makes me to log out on POST

问题 If the protect_from_forgery option is mentioned in application_controller, then I can log in and perform any GET requests, but on very first POST request Rails resets the session, which logs me out. I turned the protect_from_forgery option off temporarily, but would like to use it with Angular.js. Is there some way to do that? 回答1: I think reading CSRF-value from DOM is not a good solution, it's just a workaround. Here is a document form angularJS official website http://docs.angularjs.org

订阅 protect-from-forgery