How do I turn off CSRF protection in a rails app?
https://stackoverflow.com/questions/138311
-
02-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
The CSRF prevention built in to Rails is causing some problems for some automated load testing we are doing, and I want to turn it off for the duration of the process. How do I do this?
Solution
I love simple questions with clear answers.
#I go in application.rb
self.allow_forgery_protection = false
If you want to do this for testing only you can move that into one of the environment files (obviously, you'll be touching Application then rather than self). You could also write something like:
#I still go in application.rb
self.allow_forgery_protection = false unless ENV["RAILS_ENV"] == "production"
See here for details. (Continuing Rails' wonderful tradition of having documentation of core features in 2 year old blog posts, which were distilled from commit logs.)
OTHER TIPS
In Rails 3, remove the protect_from_forgery command in app/controllers/application_controller.rb
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
