How To Set CSRF With AngularJS And Rails
Posted by Weston Ganger
One common problem with AngularJS and Rails integration is getting the CSRF protection working.
You can implement it yourself as described below or add a gem that provides this angular_rails_csrf
# app/controllers/application_controller.rb class ApplicationController < ActionController::Base protect_from_forgery after_filter :set_csrf_cookie_for_ng protected # In Rails 4.2 and above def verified_request? super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN']) end # In Rails 4.1 and below def verified_request? super || form_authenticity_token == request.headers['X-XSRF-TOKEN'] end private def set_csrf_cookie_for_ng cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery? end end
Related External Links: