active_admin-sortable_tree

Fix CSRF InvalidAuthenticityToken

Open cprodhomme opened this issue 5 years ago • 2 comments

cprodhomme Feb 21 '20 17:02

Any worries of raising JS errors if that attribute is missing? How do other plugins solve this problem?

zorab47 Feb 22 '20 01:02

Many people talk about putting this line skip_before_filter :verify_authenticity_token into their controller, but it's a huge mistake because the authenticity token is a random value generated in your view to prove a request is submitted from a form on your site, not somewhere else. This protects against CSRF attacks.

Maybe you need to check beforehand that the value $('meta[name=csrf-token]') is not null 🤔

cprodhomme Feb 22 '11:02
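The missing-tag check raised in this thread, as an added example that is not part of the thread or of the gem's code: it reads the `csrf-token` meta tag that Rails' `csrf_meta_tags` renders and builds the `X-CSRF-Token` header without throwing when the tag is absent. The function names and the stand-in document object are hypothetical and constructed for illustration.

```javascript
// Added example; readCsrfToken, csrfHeaders and fakeDocument are hypothetical names.

// Return the token from <meta name="csrf-token" content="...">, or null when
// the tag or its content attribute is missing (layout without csrf_meta_tags).
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  if (!meta) return null;
  const token = meta.getAttribute('content');
  return token ? token : null;
}

// Build headers for an AJAX request. Rails only verifies the token on
// requests other than GET and HEAD, so the header is added only for those.
// When no token is available the header is omitted: the request still goes
// out, and the server-side check (left enabled) decides whether to accept it.
function csrfHeaders(doc, method) {
  const headers = {};
  if (/^(GET|HEAD)$/i.test(method)) return headers;
  const token = readCsrfToken(doc);
  if (token !== null) headers['X-CSRF-Token'] = token;
  return headers;
}

// Constructed stand-in for `document`, so the example runs outside a browser.
// Pass undefined to simulate a page with no csrf-token meta tag.
function fakeDocument(token) {
  return {
    querySelector(selector) {
      if (selector !== 'meta[name="csrf-token"]' || token === undefined) return null;
      return { getAttribute: (name) => (name === 'content' ? token : null) };
    },
  };
}

// In a browser this would be called as: csrfHeaders(document, 'POST')
const withTag = csrfHeaders(fakeDocument('constructed-token-123'), 'POST');
const withoutTag = csrfHeaders(fakeDocument(undefined), 'POST');
console.log(withTag, withoutTag);
```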