CORS and JSON_CSRF #39

Closed
resistorsoftware opened this Issue · 1 comment

2 participants

@resistorsoftware

I have a route set up for CORS in a Sinatra app. The block is called with XHR but the call is rejected with the warning:

attack prevented by Rack::Protection::JsonCsrf

How does one structure an Ajax call to not trigger this protection on a route with CORS?

I had to explicitly turn off this protection for all my routes, something probably less than ideal :).

@rkh
Owner
rkh commented

No, if your API is not session protected, turning off this protection is fine.

@rkh rkh closed this in 2560bb9