How do i remove the authenticity_token from rails forms

I have worked out how to disable the authenticity_token in the controller but rails still 开发者_运维百科creates the field in the forms. How do i turn this off as the server i am posting the form to needs a very specific set of field names.

In rails after 3.2.x you can pass a parameter into the form generator as suggested in another answer:

form_for @invoice, :url => external_url, :authenticity_token => false do |f|
  ...
<% end %>

In any rails version you can disable globally in config/application.rb, as in another answer:

config.action_controller.allow_forgery_protection = false

In rails 3.0.x you can disable on a page load basis in the controller by overriding the following method. Unfortunately, there seems to be no way to do this at the form level.

protected
  def protect_against_forgery?
    if ...
      # results in the meta tag being ommitted and no forms having authenticity token
      return false 
    else
      # default implementation based on global config
      return allow_forgery_protection 
    end
  end

To disable it across your application, you can add this line to your config/application.rb:

config.action_controller.allow_forgery_protection = false

For external urls you can turn this of per form as follows:

<%= form_for @invoice, :url => external_url, :authenticity_token => false do |f|
  ...
<% end %>

Source: http://apidock.com/rails/ActionView/Helpers/FormHelper/form_for