Issue with forgery protection and Rails 3.2

Question

Issue with forgery protection and Rails 3.2

Opened this issue 11 years ago · 3 comments

Hey @ankane, just a quick issue where I wanted to say thanks for this Gem...I just found it useful for an app I'm working on. Also, I wanted to suggest a README update specific to Rails 3.2.

I had to add an extra line above my controller methods

  skip_before_filter :verify_authenticity_token, only: [:impersonate, :stop_impersonating]

Feel free to drop this line into your README where it makes the most sense. Basically, for Rails 3.2 you have to skip the forgery protection before filters while switching users.

Answer 1 · 2013-12-03T21:26:11.000Z

Also, for Rails 4, this would be

  skip_before_action :verify_authenticity_token, only: [:impersonate, :stop_impersonating]

Answer 2 · 2013-12-05T04:09:20.000Z

I think this may be related to how your specific routes are setup.

Answer 3 · 2014-03-24T08:29:01.000Z

Cleaning up issues