How to turn off rails protect_from_forgery filter only for json

Question

I have web site built with Rails3 and now I want to implement json API for mobile client access. However, sending json post request from the client because of the protect_fr

Answer 1

Instead of disabling the CSRF check you can pass the authenticity_token field in your forms, eg:

<%= hidden_field_tag :authenticity_token, form_authenticity_token %>

http://apidock.com/rails/v2.0.0/ActionController/RequestForgeryProtection/ClassMethods/protect_from_forgery