Open vlod opened 9 years ago
fyi created a pull request
@vlod - signOut
works with the current authenticated user, so it shouldn't require any params. All the data that it needs is stored in the current session.
I would recommend setting protect_from_forgery
to null_session
for API routes if that's possible. This plugin will provide the equivalent of CSRF protection.
Thanks for the PR, I'll review and merge ASAP
It seems like signOut
requires some params, I just submitted an issue about that: https://github.com/lynndylanhurley/j-toker/issues/28
Hi, First thanks for all your hard work in creating this module!
I'm trying to hook this up (with rails and devise_token_auth) and noticed that Auth.prototype.signOut doesn't supply the opt parameter to the ajax request, like you do in Auth.prototype.emailSignIn
i.e. $.ajax({ url: signOutUrl, context: this, method: 'DELETE', data: opts, // <-- this is not present??
I want to pass pass the csrf_token that Rails requires to prevent the "Can't verify CSRF token authenticity".
Or am I doing this incorrectly?
Thanks for you help.