I have a backbone app which is being fed data by a Rails backend. When trying to call create from Backbone collection, the session in rails gets destroyed. Any pointers on how to overcome it?
Asked
Active
Viewed 644 times
0
-
This would help http://www.ngauthier.com/2011/02/backbone-and-rails-forgery-protection.html – boredmgr Jun 16 '11 at 15:53
1 Answers
1
This sort of thing is almost always a result of a bad or non-existent CSRF token. In recent versions of Rails 3.0.4+, any request that doesn't have a CSRF token that matches the token generated for the users current session will destroy the session as a security measure.
Here is some more info on CSRF security in Rails:
http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf
You can easily test to see if this is what is causing your problem by commenting out the protect_from_forgery method call (probably in your application_controller.rb file). But I wouldn't recommend disabling it permanently for security reasons.
aNoble
- 7,033
- 2
- 37
- 33