Skip_before_filter when api_key is present

Question

Skip_before_filter when api_key is present

I am trying to create api for my rails application.

I want to skip csrf before the filter when a valid api_key is present in non-get requests.

I tried (I will check api_key as soon as I can get the conditional filter to work)

(skip_before_filter :verify_authenticity_token) if params[:api_key].present?

But this does not work ...

Any ideas?

+6

api ruby-on-rails ruby-on-rails-3 csrf

Cyrus May 15, '12 at 19:58

source share

4 answers

Rails 3.2.13 -

None of the above solutions worked (maybe I did something wrong?), But it happened:

 skip_before_filter :verify_authenticity_token, :if => :check_auth def check_auth request.headers["authentication_token"] == ENV['AUTH_KEY'] end

0

Narfanator May 10, '13 at 3:30

source share

It is not possible to make skip_before_filter conditional. You cannot use 'if' on skip_before_filter.

-1

wedy Mar 20 '13 at 23:25

source share

try it

 skip_before_filter :verify_authenticity_token, :except => [], if params[:api_key].present?

-2

Mike May 15, '12 at 20:29

source share

Yuri Barbashov · Accepted Answer · 2012-05-15T20:19:34+0000

I don’t think this might work, because if the expression is evaluated at the time the controller class was created, why params[:api_key].present? is false at this moment ... u can try

skip_before_filter :verify_authenticity_token, :if =>lambda{ params[:api_key].present?}

Skip_before_filter when api_key is present

More articles: