[Rails] Rails 4: Should a HEAD request not be handled like a GET for CSRF protection?

Ruby on Rails Tuesday, January 22, 2013

I am running a Rails 4 app in semi-production and I constantly get exceptions from crawler bots that use a HEAD HTTP method, which causes the CSRF protection to kick in.


Shouldn't HEAD requests normally be handled like GET requests?

I am not sure if I'm just being stupid or that hit is a bug somewhere.

Michiel

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/CBalCFmpl9kJ.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Posted by Ruby on Rails at 11:38 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)