Open cprodhomme opened 4 years ago
many people speak about put this line skip_before_filter :verify_authenticity_token
into their controller but it's a huge mistake because the authenticity token is a random value generated in your view to prove a request is submitted from a form on your site, not somewhere else. This protects against CSRF attacks.
maybe, you need to check before the value $('meta[name=csrf-token]')
is not null 🤔
Any worries of raising JS errors if that attribute is missing? How do other plugins solve this problem?