Rails CSRF Protection + Angular.js: protect_from_forgery makes me to log out on POST
I think reading CSRF-value from DOM is not a good solution, it’s just a workaround. Here is a document form angularJS official website http://docs.angularjs.org/api/ng.$http : Since only JavaScript that runs on your domain could read the cookie, your server can be assured that the XHR came from JavaScript running on your domain. To take advantage … Read more