authenticity-token - w3toppers.com

Rails 4 Authenticity Token

I think I just figured it out. I changed the (new) default protect_from_forgery with: :exception to protect_from_forgery with: :null_session as per the comment in ApplicationController. # Prevent CSRF attacks by raising an exception. # For APIs, you may want to use :null_session instead. You can see the difference by looking at the source for request_forgery_protecton.rb, … Read more

Understanding the Rails Authenticity Token

What happens When the user views a form to create, update, or destroy a resource, the Rails app creates a random authenticity_token, stores this token in the session, and places it in a hidden field in the form. When the user submits the form, Rails looks for the authenticity_token, compares it to the one stored … Read more