Forum: Ruby on Rails Security Rails ajax call

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
48c1402b87ff63718ba21a446fe455ef?d=identicon&s=25 Alessio V. (alessio_v)
on 2017-02-02 15:26
Hi, I use Rails3.2 and JQuery. If I make an ajax call for example

 $.ajax({ url: 'YOUR URL HERE',
  type: 'POST',
  beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token',
$('meta[name="csrf-token"]').attr('content'))},
  data: 'someData=' + someData,
  success: function(response) {
    $('#someDiv').html(response);
  }
});;

I send to the server all parameter of autentication in the header
automatically..so there isn't the problem of security and credentials?
This topic is locked and can not be replied to.