在轨道3中关闭 CSRF 令牌

我有一个 Rails 应用程序，它为 iPhone 应用程序提供一些 API。我希望能够简单地发布一个资源，而不用担心获得正确的 CSRF 令牌。我尝试了一些方法，我在这里看到的堆栈溢出，但似乎他们不再工作的轨道3。

谢谢你帮我。

70465 次浏览

小开

最佳答案

In the controller where you want to disable CSRF the check:

skip_before_action :verify_authenticity_token

Or to disable it for everything except a few methods:

skip_before_action :verify_authenticity_token, :except => [:update, :create]

Or to disable only specified methods:

skip_before_action :verify_authenticity_token, :only => [:custom_auth, :update]

小开

In Rails3 you can disable the csrf token in your controller for particular methods:

protect_from_forgery :except => :create

小开

With Rails 4, you now have the option to write in skip_before_action instead of skip_before_filter.

# Works in Rails 4 and 5
skip_before_action :verify_authenticity_token

# Works in Rails 3 and 4 (deprecated in Rails 4 and removed in Rails 5)
skip_before_filter :verify_authenticity_token