How to get CSRF token with rails3.2.x before sending a supporting POST / PUT API without any form / interface from the server side?

Question

How to get CSRF token with rails3.2.x before sending a supporting POST / PUT API without any form / interface from the server side?

I know that rails provided the default CSRF protection from rails3. but my web application is a single page application and all communication is dependent on ajax.

So, how can I get the CSRF token from the server before every ajax call? or what can I do is just unprotect the CSRF, right?

NOTE. We do not use rail viewing to create a web page even on the home page, so the decision to put "<% = csrf_meta_tag%>" in .html or .erb is not valid ., We use the javascript framework on one page.

my env: rails3.2.3, devise2.0.4, dojo1.7.2

+5

ruby-on-rails csrf devise

qwert Jun 25 '12 at 15:47

source share

1 answer

JeanMertz · Accepted Answer · 2012-06-25T16:17:22+0000

I would advise you to take a look at the Rails-backbone project . In particular, the backbone_rails_sync.js file .

Shows how this stone sends CSRF token data along with any ajax request you make to the server.

Also, here are a few docs in your Django project that give you an example of how to always override the jQuery default jQuery method, send the CSRF token.

updated based on comment:

So you are asking how to implement CSRF when using anything other than the REST API, and no views / forms are used in any way.

Answer: does not include CSRF protection .

- , () - .

, , ( ). - , , , - , - . , CSRF, , , , , CSRF .

, , HTTP API- , , Authorization header. , , CSRF.

, RESTful API :

(https/ssl)
, oAuth (2), API HTTP- ( , ).
, , .

How to get CSRF token with rails3.2.x before sending a supporting POST / PUT API without any form / interface from the server side?

More articles: