在 Rails 2 中为 Web 服务关闭真实性令牌? [英] Turning off authenticity token in Rails 2 for web services?

问题描述

除了在 HTML 中填写表单之外，还应该可以只发送包含参数的 post 请求.例如，如果 Accept 标志设置为application"，是否可以关闭真实性令牌?/JSON' 在 HTTP 标头中?

Instead of just filling out the form in HTML it should also be possible to just send a post request containing the params.. Is it possible to turn off the authenticity token if, for example, the Accept flag is set to 'application/JSON' in the HTTP header?

推荐答案

请求伪造保护是在检查请求的内容类型的基础上工作的，它只检查浏览器可以发出的请求.例如，没有浏览器能够生成内容类型设置为application/json"的请求.这就是为什么 rails 伪造保护程序不会检查它的原因.因此，如果您想向您的应用程序发出 json 请求，请将内容类型标头设置为application/json"，它应该可以工作.

The request forgery protection works on the basis of checking the content-type of requests and it only checks the requests that can be made by a browser. No browser is able to generate a request with the content-type set to "application/json" for example. That's why the rails forgery protection routine won't check it. So, if you want to make a json request to your application, set the content-type header to "application/json" and it should work.

这篇关于在 Rails 2 中为 Web 服务关闭真实性令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！