How do I turn off CSRF protection in a rails app?
I love simple questions with clear answers.
    # I go in application.rb
    self.allow_forgery_protection = false
If you want to do this for testing only you can move that into one of the environment files (obviously, you'll be touching Application then rather than self). You could also write something like:
    # I still go in application.rb
    self.allow_forgery_protection = false unless ENV["RAILS_ENV"] == "production"
See here for details. (Continuing Rails' wonderful tradition of having documentation of core features in 2 year old blog posts, which were distilled from commit logs.)
In Rails 3, remove the protect_from_forgery command in app/controllers/application_controller.rb
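
A check for the settings discussed in the answers above, as an added example that is not part of the original posts: it scans a source tree for forgery protection being switched off outside the test environment. The function name csrf_findings, the file layout (a Rails 3-era ApplicationController that calls protect_from_forgery, and config/environments/test.rb as the only expected place for the setting) and the sample tree are assumptions made for the example.

```ruby
# Added example (not from the original answers): audit Rails sources for the
# two ways of disabling CSRF protection described on this page.
DISABLE = /allow_forgery_protection\s*=\s*false/
TEST_ENV = "config/environments/test.rb"          # assumed: only expected place
APP_CONTROLLER = "app/controllers/application_controller.rb"

# files: Hash of relative path => file contents.
# Returns an Array of [path, line_number, reason]; line_number is nil for
# findings that concern the whole file.
def csrf_findings(files)
  findings = []
  files.each do |path, source|
    source.each_line.with_index(1) do |line, number|
      code = line.sub(/#.*/, "")                  # naive comment stripping
      next unless code =~ DISABLE
      next if path == TEST_ENV                    # disabled for tests only
      guarded = code =~ /\b(if|unless)\b/
      findings << [path, number, guarded ? "conditionally disabled" : "disabled"]
    end
    # Assumption: Rails 3-style controller that must call protect_from_forgery.
    if path == APP_CONTROLLER && source !~ /^\s*protect_from_forgery\b/
      findings << [path, nil, "protect_from_forgery missing"]
    end
  end
  findings
end

# Constructed sample tree (not a real application).
SAMPLE = {
  "config/environments/test.rb" =>
    "config.action_controller.allow_forgery_protection = false\n",
  "application.rb" =>
    "# self.allow_forgery_protection = false\n" \
    "self.allow_forgery_protection = false unless ENV[\"RAILS_ENV\"] == \"production\"\n",
  "app/controllers/application_controller.rb" =>
    "class ApplicationController < ActionController::Base\nend\n",
}

csrf_findings(SAMPLE).each { |finding| puts finding.compact.join(": ") }
```

A "conditionally disabled" finding still deserves review, since the guard only holds if RAILS_ENV is set as expected on every deployed host.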