stackoom
  简体   繁体   中英

Do Ruby on Rails 3 Jquery AJAX POST requests need the authenticity_token?

 原文  2013-06-27 15:48:56       ruby-on-rails/ ajax/ ruby-on-rails-3/ jquery/ security

Question

According to the Rails security guide, if you use protect_from_forgery, all non-GET requests include an authenticity token. When I have Jquery AJAX POST requests, however, I don't see the authenticity_token param as one of the params in the request. Is this how it's supposed to work?

Also, it seems that POST requests from outside a session (curl in a script) don't require an authencity_token, either.

Thanks!

1 answers

solution1
 1 ACCPTED  2013-09-22 16:45:45

Rails will send this parameter in the headers rather than in the post data. You need to include the built in rails UJS library to get this to work. Take a look at the headers in your request and you should see one called X-CSRF-Token.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Doing AJAX Post in rails without passing in the authenticity_token To Ruby on Rails - authenticity_token does not work How to post authenticity_token? Authenticity_token in Rails + Android Ruby on Rails form page caching including authenticity_token Ruby on Rails: found unpermitted parameters: _method, authenticity_token How to POST with missing authenticity_token in rspec rails request test? My jquery AJAX POST requests works without sending an Authenticity Token (Rails) user subscription and authenticity_token need CAPTCHA? Get authenticity_token from Rails
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM