WARNING. It is not possible to verify the authenticity of the CSRF token if the API is developed.

Question

WARNING. It is not possible to verify the authenticity of the CSRF token if the API is developed.

I am developing a web API with Ruby on Rails. When a Rails application receives a POST request without any csrf token, the following error message should appear. Since the application has no views.

WARNING: Can't verify CSRF token authenticity

So my question is, how can I avoid checking the csrf token in this case?

Thank you in advance.

+47

ruby api ruby-on-rails-3 csrf token

gipcompany Feb 23 '13 at 13:18

source share

2 answers

Kush Kella · Answer 1 · 2013-02-23 14:21

You can do this by adding

 skip_before_filter :verify_authenticity_token

to your controller. Thus, all incoming controller requests skip: verify_authenticity_token filter.

Bryan Dimas · Answer 2 · 2015-12-15 22:59

For rails 4 it should be

 skip_before_action :verify_authenticity_token, only: [:one_or_two_actions_here]

Note that you should avoid skipping the verify_authenticity_token check in all actions of your controller, use the only option instead to skip only where you need it. See documents

WARNING. It is not possible to verify the authenticity of the CSRF token if the API is developed.

More articles: