Im building a web app based on a web design consisting of .html and .js files created by our web designer.
The html files that I received have <script> tags pointing at the .js files, which should all be for layout/design stuff.
When I try to serve these files through rails, I get CSRF errors.
Looking at the docs for the "protect_from_forgery" method
(http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html )
I get the impression that the only way to get this to work (serve the .js files from rails) is to turn off the CSRF protection for these javascript files.
Am I reading that correctly?
Also, I'm willing to believe that I'm generally "Doing It Wrong" here -- I started a thread here yesterday looking for general information on how to serve files provided by our web designer, while not knowing javascript or CSS.
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/20141008130321.c19a57a1e9e19dd230d3ff85%40brisammon.fastmail.fm.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment