2014 May 03
Putting form_authenticity_token (csrf token) in a cookie instead of in meta tags?
...g
csrf_meta_tags in the header makes it impossible for a proxy to cache the
page.
I have an idea for how to fix it but thought I would ask here, to see if
people think there would be problems with it: I could create an
after_action in ApplicationController that looks like this:
    after_action :set_authenticity_cookie

    def set_authenticity_cookie
      # Copy the CSRF token into a cookie when one is available
      cookies[:form_authenticity_token] = form_authenticity_token if form_authenticity_token
    end
So basically send the form_authenticity_token to the browser in a cookie
instead of putting it in the HTML.
Client-side, I could write a little JavaScript that pulls it out...