I have a Rails 3 Facebook canvas app. When it loads up it gives me an invalid authenticity token error and displays the signed_request parameter that Facebook sends to my app. Is there a way to bypass the 'protect_from_forgery' for the signed_request from facebook?
Thanks!
Tim
Problem solved. I added
skip_before_filter :verify_authenticity_token, :only => [THE ACTION]
to the top of my controller.
You can also just remove protect_from_forgery from the application controller, if you only use the app as a canvas app.
来源:https://stackoverflow.com/questions/4551210/how-do-i-bypass-protect-from-forgery-in-rails-3-for-a-facebook-canvas-app