If the protect_from_forgery
option is mentioned in application_controller, then I can log in and perform any GET requests, but on very first POST request Rails resets the session, which logs me out.
I turned the protect_from_forgery
option off temporarily, but would like to use it with Angular.js. Is there some way to do that?
Best Answer
I think reading CSRF-value from DOM is not a good solution, it's just a workaround.
Here is a document form angularJS official website http://docs.angularjs.org/api/ng.$http :
Here is my solution based on those instructions:
First, set the cookie:
Then, we should verify the token on every non-GET request.
Since Rails has already built with the similar method, we can just simply override it to append our logic: