Hallo,
I want to test the csrf protection of my application but forgery
protection is not working with jquery ajax request.
I have used Unobtrusive Javascript with jquery
I have removed the
<%= csrf_meta_tag %>
so that my application do not include authenticity token.
In my view I have the following code
$(function () {
$(’#alert’).click(function () {
$.ajax({
type: “POST”,
data: ({ lo: 67, pi: 22 }),
url: ‘/test/set’,
});
})
});
I have also include in the application controller
protect_from_forgery
and have set in development configuration
config.action_controller.consider_all_requests_local = false
However the post command is completed successfully.
Does anyone know why the protection is not working?
Thank you