Hallo,
I want to test the csrf protection of my application but forgery
protection is not working with jquery ajax request.
I have used Unobtrusive Javascript with jquery
I have removed the
<%= csrf_meta_tag %>
so that my application do not include authenticity token.
In my view I have the following code
$(function () {
$(''#alert'').click(function () {
$.ajax({
type: "POST",
data: ({ lo: 67, pi: 22 }),
url: ''/test/set'',
});
})
});
I have also include in the application controller
protect_from_forgery
and have set in development configuration
config.action_controller.consider_all_requests_local = false
However the post command is completed successfully.
Does anyone know why the protection is not working?
Thank you
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
