Forgery Protection
Important: These docs are for the outdated Jets 5 versions and below. For the latest Jets docs: docs.rubyonjets.com
By default, csrf forgery protection is enabled in html mode and disabled in api mode. You can override the setting with default_protect_from_forgery.
Jets.application.configure do
config.controllers.default_protect_from_forgery = false
end
You can also skip the before_action filter on a per-controller basis.
class PostsController < ApplicationController
skip_forgery_protection
end