0

I'm using Rails 4.2.5, and the jQuery gem, version 4.0.5

I have an AJAX call via jQuery.ajax() in my code, and found that the CSRF token that I inserted via Rails' csrf_meta_tags helper is being added to the AJAX POST call, even though I didn't write any code to insert it. That is, I did not look for the meta tag, extract its value, and insert it into the XHR with a beforeSend handler.

The jQuery documentation says nothing about jQuery automatically inserting this token - is this undocumented auto-magic behavior?

sameers
  • 4,855
  • 3
  • 35
  • 44
  • how is said token sent? a header? cookies? if header, then jquery is not adding it, something else you have installed is doing it. jquery-ujs or something similar maybe? – Kevin B Feb 02 '16 at 19:35
  • 1
    You can check this: http://stackoverflow.com/questions/7203304/warning-cant-verify-csrf-token-authenticity-rails – kalelc Feb 02 '16 at 22:07
  • Thanks - for those who show up here wondering about the same thing, the answer is yes, jquery_ujs does the automagic insertion. @kevin-b - I would be happy to accept your answer if you so care. – sameers Feb 02 '16 at 23:51

0 Answers0