protect-from-forgery

Is Rails' protect_from_forgery really useful?

I'm asking this because I feel that it's making my life overly complicated when I start communicating with Rails using Ajax or Flash. I know it's nice to protect against CSRF, but couldn't I just check the referer or something instead? ...

Rails request forgery protection settings

Hey, please help a newbie in Rails :) I have a protect_from_forgery call (which is given by default) with no attributes in my ApplicationController class. Basically here's the code:

    class ApplicationController < ActionController::Base
      helper :all # include all helpers, all the time
      protect_from_forgery
      helper_method :current_user...

Rails 3 protect_from_forgery problems

I have two applications that need to talk to each other over HTTP. One is a PHP app and the other is my main app, the Rails app. I am needing the PHP app to talk to the Rails app by POSTing data to it, but when I do, I receive the Invalid Authenticity Token error. Is there any way around this? Or how would I just create my own token to pa...