Brian Sammon
2014-Oct-08 17:03 UTC
serving html pages with <script> tags pointing at my .js files
Im building a web app based on a web design consisting of .html and .js files created by our web designer. The html files that I received have <script> tags pointing at the .js files, which should all be for layout/design stuff. When I try to serve these files through rails, I get CSRF errors. Looking at the docs for the "protect_from_forgery" method (http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html ) I get the impression that the only way to get this to work (serve the .js files from rails) is to turn off the CSRF protection for these javascript files. Am I reading that correctly? Also, I'm willing to believe that I'm generally "Doing It Wrong" here -- I started a thread here yesterday looking for general information on how to serve files provided by our web designer, while not knowing javascript or CSS. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/20141008130321.c19a57a1e9e19dd230d3ff85%40brisammon.fastmail.fm. For more options, visit https://groups.google.com/d/optout.