Rails has CSRF protections baked in; unless you explicitly turn it off, non-GET ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		cheald on Feb 16, 2012 \| parent \| context \| favorite \| on: What Craigslist Did Right: User Management Without... Rails has CSRF protections baked in; unless you explicitly turn it off, non-GET requests require a CSRF token associated with the user session to complete successfully.

scriby on Feb 16, 2012 [–]

That makes sense. I've been doing node js too long where you have to do this stuff by hand :0

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact