You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the case of JSONP calls which can only GET, it is common to use Rack::MethodOverride or similar to turn GET into other verbs as soon as it hits the middleware stack. In this scenario, it is not possible to include the CSRF token anywhere but the query string, even though the call later becomes a POST or other.
If you want to support having the token in the query string, you can check for the token using Rack::Request.params which is a union of both Rack::Request.GET & Rack::Request.POST
The text was updated successfully, but these errors were encountered:
In the case of JSONP calls which can only GET, it is common to use Rack::MethodOverride or similar to turn GET into other verbs as soon as it hits the middleware stack. In this scenario, it is not possible to include the CSRF token anywhere but the query string, even though the call later becomes a POST or other.
If you want to support having the token in the query string, you can check for the token using Rack::Request.params which is a union of both Rack::Request.GET & Rack::Request.POST
The text was updated successfully, but these errors were encountered: