Question
I have a controller named ProductsController, and I've created an action named set_status for the purpose of PUT API calls from a .NET client application. I have gotten everything set up correctly, but after sending a request, I receive a "Can't verify CSRF token authenticity" error. I have the following in my Application controller for CSRF protection:
https://stackoverflow.com/questions/23373329
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianprotect_from_forgery
In order to bypass the CSRF protection, I've added the following to my Products controller:
skip_before_filter :set_status
After testing with this change, I still get the same error message. Based on my understanding, the above line of code should disable CSRF protection for the set_status action in the Products controller, but it does not seem to be working.
Does anyone have any insight on why this might not be working? Thank you very much in advance!
Solution
I figured it out! Here's my code:
skip_before_filter :verify_authenticity_token, only: :set_status
I forgot that the protect_from_forgery statement creates methods of its own. One of those methods is verify_authenticity_token, and so it was much more straightforward than I thought. I was stuck before because I didn't have a verify_authenticity_token method, but I actually did because it's generated automatically.
For Rails 4+
skip_before_action :verify_authenticity_token, only: :set_status
