I have a react component in my rails app where I'm trying to use fetch() to send a POST to my rails app hosted on localhost, this gives me the error: ActionController::InvalidAuthenticityToken (Ac...

I have web site built with Rails3 and now I want to implement json API for mobile client access. However, sending json post request from the client because of the protect_from_forgery filter. Becau...

If the protect_from_forgery option is mentioned in application_controller, then I can log in and perform any GET requests, but on very first POST request Rails resets the session, which logs me out...

I have read multiple questions and answers here on StackOverflow about InvalidAuthenticityToken and protect_from_forgery but get none the wiser. I have a website that get hundreds of these errors...

I am using Rails 3.0.2 which has protect_from_forgery by default in application_controller.rb. I wanted to trigger an InvalidAuthenticityToken. To do this I have added this javascript to my page:...

I understand that Rails by default doesn't have CSRF protection for HTTP GET requests, because, it claims they are idempotent. However, there is sensitive information that is returned to the user f...

I have two applications that need to talk to each other over HTTP. One is a PHP app and the other is my main app, the Rails app. I am needing the PHP app to talk to the Rails app by POSTing data to...

please help a newbie in Rails :) I have protect_from_forgery call (which is given by default) with no attributes in my ApplicationController class. Basically here's the code: class ApplicationCo...

I'm asking this because I feel that it's making my life overly complicated when I start communicating with rails using ajax or flash. I know it's nice to protect against CSRF, but couldn't I just ...