

@alexeuler alexeuler commented Jul 14, 2016

Disable CSRF for json requests to enable mobile requests to the API



@justin808

@alleycat-at-git Next time please run linters:

rubocop -a                                                                                                                                                       [16:14:26]
Inspecting 41 files
..C......................................

Offenses:

app/controllers/application_controller.rb:4:46: C: [Corrected] Style/Proc: Use proc instead of Proc.new.
  protect_from_forgery with: :exception, if: Proc.new { request.headers['X-Auth'] != 'tutorial_secret' }
                                             ^^^^^^^^
app/controllers/application_controller.rb:4:73: C: [Corrected] Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
  protect_from_forgery with: :exception, if: Proc.new { request.headers['X-Auth'] != 'tutorial_secret' }
                                                                        ^^^^^^^^
app/controllers/application_controller.rb:4:86: C: [Corrected] Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
  protect_from_forgery with: :exception, if: Proc.new { request.headers['X-Auth'] != 'tutorial_secret' }
                                                                                     ^^^^^^^^^^^^^^^^^

41 files inspected, 3 offenses detected, 3 offenses corrected

Tutorial has to send the following header:

"X-Auth": "tutorial_secret"

and then CSRF is ignored.
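
The header check described in the comment above, as an added example that is not part of the pull request or the project's code: it models the `if:` condition in plain Ruby (no Rails) and lists which constructed sample requests still get CSRF verification. The constant-time comparison, the fail-closed handling of an unset secret, and the `API_X_AUTH_SECRET` variable name are assumptions added here.

```ruby
require "openssl"

# Models the decision made by
#   protect_from_forgery with: :exception,
#     if: proc { request.headers["X-Auth"] != "tutorial_secret" }
# where a true result means CSRF verification runs for the request.

# Compare two strings without an early exit: both are hashed first so the
# loop always walks two digests of equal length.
def secure_equal?(a, b)
  da = OpenSSL::Digest::SHA256.digest(a.to_s)
  db = OpenSSL::Digest::SHA256.digest(b.to_s)
  diff = 0
  da.bytes.zip(db.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns true when CSRF verification must run.
# An unset or empty secret never switches verification off (fail closed).
def csrf_required?(headers, expected)
  return true if expected.nil? || expected.empty?
  !secure_equal?(headers["X-Auth"], expected)
end

# Constructed sample requests, reduced to their header hashes.
SAMPLE_REQUESTS = {
  browser_form:  {},                                # ordinary browser POST, no X-Auth
  mobile_client: { "X-Auth" => "tutorial_secret" }, # header value from the comment above
  wrong_value:   { "X-Auth" => "Tutorial_Secret" },
  empty_value:   { "X-Auth" => "" }
}.freeze

# Map each sample request to whether CSRF verification applies to it.
def decisions(expected)
  SAMPLE_REQUESTS.transform_values { |headers| csrf_required?(headers, expected) }
end

if __FILE__ == $PROGRAM_NAME
  # Hypothetical variable name; when it is unset every request keeps CSRF checks.
  secret = ENV["API_X_AUTH_SECRET"]
  decisions(secret).each { |name, required| puts "#{name}: csrf_required=#{required}" }
end
```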
@justin808

:lgtm:


Reviewed 1 of 1 files at r2.
Review status: 0 of 1 files reviewed at latest revision, all discussions resolved.



@justin808 justin808 merged commit 1548a8a into master Jul 20, 2016
@justin808 justin808 deleted the alexey/csrf branch July 20, 2016 03:10