search for: set_authenticity_cooki

Displaying 1 result from an estimated 1 matches for "set_authenticity_cooki".

2014 May 03
0
Putting form_authenticity_token (csrf token) in a cookie instead of in meta tags?
...g csrf_meta_tags in the header makes it impossible for a proxy to cache the page. I have an idea for how to fix it but thought I would ask here, to see if people think there would be problems with it: I could create an after_action in ApplicationController that looks like this: after_action :set_authenticity_cookie def set_authenticity_cookie cookies[:form_authenticity_token] = form_authenticity_token ifform_authenticity_token end So basically send the form_authenticity_token to the browser in a cookie instead of putting it in the HTML. Client-side, I could write a little JavaScript that pulls it out...