lynndylanhurley / j-toker

Simple, secure token authentication for jQuery.
Do What The F*ck You Want To Public License

Should Auth.prototype.signOut pass opt variables in DELETE request? #3

Open vlod opened 9 years ago

vlod commented 9 years ago

Hi, first, thanks for all your hard work in creating this module!

I'm trying to hook this up (with Rails and devise_token_auth) and noticed that Auth.prototype.signOut doesn't supply the opt parameter to the ajax request, like you do in Auth.prototype.emailSignIn.

i.e.

```javascript
$.ajax({
  url: signOutUrl,
  context: this,
  method: 'DELETE',
  data: opts, // <-- this is not present??
  // ...
});
```

I want to pass the csrf_token that Rails requires to prevent the "Can't verify CSRF token authenticity".

Or am I doing this incorrectly?

Thanks for your help.

vlod commented 9 years ago

FYI, created a pull request.

lynndylanhurley commented 9 years ago

@vlod - signOut works with the current authenticated user, so it shouldn't require any params. All the data that it needs is stored in the current session.

I would recommend setting protect_from_forgery to null_session for API routes if that's possible. This plugin will provide the equivalent of CSRF protection.

Thanks for the PR, I'll review and merge ASAP.

Ruff9 commented 7 years ago

It seems like signOut requires some params, I just submitted an issue about that: https://github.com/lynndylanhurley/j-toker/issues/28
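
For the case raised in this thread (getting the Rails CSRF token onto signOut's DELETE when the plugin does not forward `opts`), the token can travel in the `X-CSRF-Token` header set from a jQuery ajax prefilter instead of in `data`. This is an added example, not j-toker's code and not part of any comment above; it assumes the Rails layout renders `csrf_meta_tags`, and the function names are hypothetical.

```javascript
// Added example (not j-toker code). Assumption: the page was rendered by Rails
// with csrf_meta_tags, which emits <meta name="csrf-token" content="...">.

// Rails skips the authenticity check for GET and HEAD only.
const UNCHECKED_METHODS = new Set(['GET', 'HEAD']);

// Decide which CSRF header (if any) a request should carry.
// `options` mirrors the settings object jQuery passes to an ajax prefilter.
function csrfHeaderFor(options, token) {
  // jQuery upper-cases the method only after prefilters run, so normalise here.
  const method = String(options.type || options.method || 'GET').toUpperCase();
  if (UNCHECKED_METHODS.has(method)) return null;
  if (options.crossDomain) return null; // never leak the token to another origin
  if (!token) return null;              // no meta tag rendered, nothing to send
  return { name: 'X-CSRF-Token', value: token };
}

// Read the token from the meta tag; returns null when it is absent.
function readCsrfToken(doc) {
  const meta = doc && doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute('content') : null;
}

// Build a prefilter bound to a document. The token is re-read on every
// request so a token rotated after sign-in is picked up.
function csrfPrefilter(doc) {
  return function (options, originalOptions, jqXHR) {
    const header = csrfHeaderFor(options, readCsrfToken(doc));
    if (header) jqXHR.setRequestHeader(header.name, header.value);
  };
}

// Browser wiring: every $.ajax call, including the plugin's DELETE, passes
// through the prefilter. Skipped when no window/jQuery is present.
if (typeof window !== 'undefined' && window.jQuery) {
  window.jQuery.ajaxPrefilter(csrfPrefilter(document));
}
```

Because the header is attached globally, no change to the plugin's `signOut` call is needed, and cross-origin API requests are left untouched.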