The CSRF prevention built in to Rails is causing some problems for some automated load testing we are doing, and I want to turn it off for the duration of the process. How do I do this?
+11
A:
I love simple questions with clear answers.
#I go in application.rb
self.allow_forgery_protection = false
If you want to do this for testing only you can move that into one of the environment files (obviously, you'll be touching Application then rather than self). You could also write something like:
#I still go in application.rb
self.allow_forgery_protection = false unless ENV["RAILS_ENV"] == "production"
See here for details. (Continuing Rails' wonderful tradition of having documentation of core features in 2 year old blog posts, which were distilled from commit logs.)
Patrick McKenzie
2008-09-26 09:01:03