I have a RESTful API written in RoR 3. I have to make my application not send the "Set-Cookie header" (clients authorize using the auth_token parameter).
I have tri
Further to John's answer, if you are using CSRF protection you would need to turn that off for web service requests. You can add the following as a protected method in your application controller:
    def protect_against_forgery?
      unless request.format.xml? || request.format.json?
        super
      end
    end
This way HTML requests still use CSRF (or not - depends on config.action_controller.allow_forgery_protection = true/false in the environment).
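For the Set-Cookie part of the question, one option is to strip the header at the Rack layer. This is an added example, not code from the posts above; `StripApiCookies`, `DEMO_APP` and `demo_headers` are hypothetical names, and it assumes the token arrives as the `auth_token` query parameter.

```ruby
# Added example: Rack-style middleware in plain Ruby (no gems needed to run it).
# It removes Set-Cookie only from responses to token-authenticated requests.
class StripApiCookies
  TOKEN_PREFIX = "auth_token=".freeze # assumption: token is sent in the query string

  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    if token_request?(env)
      # Header names differ in case between Rack versions, so match loosely.
      headers = headers.reject { |name, _| name.casecmp("set-cookie").zero? }
    end
    [status, headers, body]
  end

  private

  # Treat a request as an API call only if it carries a non-empty auth_token
  # and sent no cookie itself, so browser sessions keep working unchanged.
  def token_request?(env)
    pairs = env["QUERY_STRING"].to_s.split("&")
    has_token = pairs.any? do |pair|
      pair.start_with?(TOKEN_PREFIX) && pair.length > TOKEN_PREFIX.length
    end
    has_token && env["HTTP_COOKIE"].to_s.empty?
  end
end

# Constructed downstream app that always tries to set a session cookie.
DEMO_APP = lambda do |_env|
  headers = { "Content-Type" => "application/json",
              "Set-Cookie" => "_session=abc; path=/" }
  [200, headers, ["{}"]]
end

# Returns the response headers the client would see for a given Rack env.
def demo_headers(env)
  StripApiCookies.new(DEMO_APP).call(env)[1]
end
```

The middleware has to sit outside whichever middleware writes the cookie, otherwise the header is not yet present when it runs.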