Tell me about your PUT requests to Rails endpoints from client-side frameworks (no jQuery UJS) & how you dealt with CSRF token.
-
-
Replying to @olivierlacan
I completely sailed passed the whole CSRF is now masked and always appears different in Rails 4.2. Rude awakening.
1 reply 0 retweets 0 likes -
Replying to @olivierlacan
Also please tell me protect_from_forgery with: :exception is default in Rails 5. Lost hours of my life yet again to silent errors.
2 replies 0 retweets 0 likes -
-
Replying to @sgrif
It’s not the default in Rails 4.2 so I’m not sure what you mean.
3 replies 0 retweets 0 likes -
Replying to @olivierlacan
(Of course `protect_from_forgery` by itself doesn't change, but that would be unnecessary breakage of existing apps)
2 replies 0 retweets 0 likes -
Replying to @sgrif
Understood. My point is that it is necessary breakage (especially in a post-major release like 5.1 for instance).
2 replies 0 retweets 0 likes
Absolutely disagree. Would not fundamentally change the behavior of existing apps.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.