-
Notifications
You must be signed in to change notification settings - Fork 0
CSRF and Ajax Requests
Andreas Dausenau edited this page Jun 28, 2022
·
1 revision
Ez-on-rails modifies ajax requests to make them work out of the box with csrf tokens. All ajax requests of axios will be appended by the CSRF token given by the field having the selector meta[name=csrf-token].
The ezapp generator creates the initializer config/initializers/form_security_token.rb. This initializer configures rails to generate a CSRF token for every form produced by a form builder.
This should secure your ajax calls to be done only by your application.
Note that this is only important to know if you use javascript in your rails views. This does not affect the api endpoints.