Forgery Protection

By default, csrf forgery protection is enabled in html mode and disabled in api mode. You can override the setting with default_protect_from_forgery.

Jets.application.configure do
  config.controllers.default_protect_from_forgery = false
end

You can also skip the before_action filter on a per-controller basis.

class PostsController < ApplicationController
  skip_forgery_protection
end

Pro tip: Use the <- and -> arrow keys to move back and forward.

Edit this page

See a typo or an error? You can improve this page. This website is available on GitHub, and contributions are encouraged and welcomed. We love pull requests from you!