Skip to content

CSRF Not being disabled even when told to #5755

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
MUSTDOS opened this issue Jan 8, 2025 · 2 comments
Open

CSRF Not being disabled even when told to #5755

MUSTDOS opened this issue Jan 8, 2025 · 2 comments

Comments

@MUSTDOS
Copy link

MUSTDOS commented Jan 8, 2025

I tried to stop CSRF for API in application_controller.rb with skip_before_action :verify_authenticity_token

It worked well until I generated devise views for custom logging.

Now, CSRF keeps working even if I tried to add skip_before_action :verify_authenticity_token to the registrations_controller.rb

I'm not sure if this is a bug or misuse
@MUSTDOS
Copy link
Author

MUSTDOS commented Jan 9, 2025

NVM, it's devise custo, views that changed the needed JSON

@UmerQaisar
Copy link

Have you updated your routes.rb file to use the devise's registrations_controller.rb ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@UmerQaisar @MUSTDOS