Unable to deactivate forgery protection


#1

Hi,

I just created a new Rails app that will be receiving some POSTed data
from the outside so it must skip the verify_authenticity_token for some
create actions. Although I have added:
skip_before_filter :verifiy_authenticity_token

I still get InvalidAuthenticityToken. In one of my other Rails app
(created back in Rails 1.2.6 and updated to 2.3.2 over time) this
skipping works perfectly though, has anything changed since? Do I need
to do anything more?

Thanks.


#2

can you try

protect_from_forgery :except => [ :create, :other_task ]

On May 5, 1:14 pm, Fernando P. removed_email_address@domain.invalid


#3

I’m assuming that the above is not a cut-and-paste from the app?
Because “verify” is misspelled.
Magnificent catch! I would not have been able to spot it by myself!

Thank you Freddy and C.R.O. for your time :slight_smile:


#4

On May 5, 2009, at 2:14 PM, Fernando P. wrote:

Although I have added:
skip_before_filter :verifiy_authenticity_token

Fernando,

I’m assuming that the above is not a cut-and-paste from the app?
Because “verify” is misspelled.

–cro