How do I bypass protect_from_forgery in Rails 3 for a Facebook canvas app?

I have a Rails 3 Facebook canvas app. When it loads up it gives me an invalid authenticity token error and displays the signed_request parameter that Facebook sends to my app. Is there a way to bypass the 'protect_from_forgery' for the signed_request from facebook?

Thanks!

Tim

Answers


Problem solved. I added

skip_before_filter :verify_authenticity_token, :only => [THE ACTION]

to the top of my controller.


You can also just remove protect_from_forgery from the application controller, if you only use the app as a canvas app.


Need Your Help

How to disable auto pairing of quotes

windows keyboard

My Windows 7 installation automatically tries to pair quotes and does a very poor job. For example, when I press the quote key before a word nothing happens, but when I move the cursor to the end o...