Hallo,
I want to test the csrf protection of my application but forgery
protection is not working with jquery ajax request.
I have used Unobtrusive Javascript with jquery
I have removed the
<%= csrf_meta_tag %>
so that my application do not include authenticity token.
In my view I have the following code
$(function () {
$('#alert').click(function () {
$.ajax({
type: "POST",
data: ({ lo: 67, pi: 22 }),
url: '/test/set',
});
})
});
I have also include in the application controller
protect_from_forgery
and have set in development configuration
config.action_controller.consider_all_requests_local = false
However the post command is completed successfully.
Does anyone know why the protection is not working?
Thank you
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
