{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Summer. ? 凉城 的问题《WARNING: Can't verify CSRF token authenticity》','https://www.manongdao.com/q-140510.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am right now developing web APIs with Ruby on Rails. When the Rails app receives POST request without any csrf token, the following error message shall happen. Because the app has no views.
WARNING: Can't verify CSRF token authenticity
So my question is how can I escape csrf token check safely in this case?
Thank you very much in advance.
For rails 4 it should be
Note that you should avoid skipping verify_authenticity_token on all actions of your controller, instead use the option
onlyto skip only where you have to. See the docsYou can do this by adding
to your controller. This way all incoming requests to the controller skips the :verify_authenticity_token filter.