我如何从 rails 表单中删除真实性_token [英] How do i remove the authenticity_token from rails forms

问题描述

我已经研究出如何禁用控制器中的authenticity_token，但rails 仍然在表单中创建该字段.我如何关闭此功能，因为我将表单发布到的服务器需要一组非常具体的字段名称.

I have worked out how to disable the authenticity_token in the controller but rails still creates the field in the forms. How do i turn this off as the server i am posting the form to needs a very specific set of field names.

推荐答案

在 3.2.x 之后的 rails 中，您可以按照另一个答案中的建议将参数传递给表单生成器:

In rails after 3.2.x you can pass a parameter into the form generator as suggested in another answer:

form_for @invoice, :url => external_url, :authenticity_token => false do |f|
  ...
<% end %>

在任何 rails 版本中，您都可以在 config/application.rb 中全局禁用，如另一个答案:

In any rails version you can disable globally in config/application.rb, as in another answer:

config.action_controller.allow_forgery_protection = false

在 rails 3.0.x 中，您可以通过覆盖以下方法在控制器中禁用页面加载.不幸的是，在表单级别似乎没有办法做到这一点.

In rails 3.0.x you can disable on a page load basis in the controller by overriding the following method. Unfortunately, there seems to be no way to do this at the form level.

protected
  def protect_against_forgery?
    if ...
      # results in the meta tag being ommitted and no forms having authenticity token
      return false 
    else
      # default implementation based on global config
      return allow_forgery_protection 
    end
  end

这篇关于我如何从 rails 表单中删除真实性_token的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！