Overriding request.forgery_whitelisted?

When a certain method is called in one of my Rails controllers I would like to check if the IP address of the user is on a trusted list, and if so override the request.forgery_whitelisted? method to be true so that CSRF protection isn't enforced.

A blog post I have read seems to suggest that declaring the following in the controller action would achieve this but it still throws a CSRF protection error.

if request.remote_ip == "127.0.0.1"
  # Define a singleton method on this one request object
  def request.forgery_whitelisted?; true; end
end

Is there somewhere else this needs to happen in order to override the method early enough for it to take effect?


Either of the following should work:

  • Override/monkey-patch the 'verify_authenticity_token' method in your ApplicationController:

# Keep this non-public so it is not exposed as a routable action.
private

def verify_authenticity_token
  super unless request.remote_ip == '127.0.0.1' # TODO: replace this with actual white-listing logic
end
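
  • Monkey-patch the 'forgery_whitelisted?' method:

module ActionDispatch
  class Request
    # Keep a handle on the original check; `super` cannot reach it when the
    # method is redefined by reopening the class that defines it.
    alias_method :forgery_whitelisted_without_ip_check?, :forgery_whitelisted?

    def forgery_whitelisted?
      # TODO: replace this with actual white-listing logic
      remote_ip == '127.0.0.1' || forgery_whitelisted_without_ip_check?
    end
  end
end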
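
One way to fill in the "actual white-listing logic" left as a TODO in the first option, added here as an example and not part of the original answer: a CIDR allowlist that fails closed on malformed input, plugged into the same `super unless ...` override. `TRUSTED_NETWORKS`, `trusted_ip?`, `FakeRequest`, `BaseController` and `InvalidToken` are hypothetical names, and the two stand-in classes replace Rails so the snippet runs on its own.

```ruby
require 'ipaddr'

# Constructed allowlist (assumption): replace with the networks you trust.
TRUSTED_NETWORKS = %w[127.0.0.1/32 ::1/128 10.20.0.0/16].map { |c| IPAddr.new(c) }.freeze

# True only if +ip+ parses as one address inside a trusted network.
# Nil, empty or malformed values (e.g. a raw header list) fail closed.
def trusted_ip?(ip)
  return false if ip.to_s.strip.empty?
  addr = IPAddr.new(ip.to_s.strip)
  TRUSTED_NETWORKS.any? { |net| net.include?(addr) }
rescue IPAddr::Error
  false
end

# Hypothetical stand-ins for the Rails request and base controller, so the
# override pattern runs without Rails. The base check always rejects here.
FakeRequest = Struct.new(:remote_ip)
class InvalidToken < StandardError; end

class BaseController
  attr_reader :request

  def initialize(request)
    @request = request
  end

  private

  def verify_authenticity_token
    raise InvalidToken
  end
end

class ApplicationController < BaseController
  # Returns :ok when the request passes the check, :rejected otherwise.
  def handle
    verify_authenticity_token
    :ok
  rescue InvalidToken
    :rejected
  end

  private

  def verify_authenticity_token
    super unless trusted_ip?(request.remote_ip)
  end
end
```

In Rails, `request.remote_ip` is derived from forwarded headers filtered by the trusted-proxy list, so an allowlist like this is only as reliable as that proxy configuration.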