Rails, CSRF protection
I thought I found a neat way to link to POST and PATCH requests from emails.
1. Links go to /magic?method=POST&action=/path/to/action
2. /magic loads HTML page with form which is submitted via JS
This would let me contain all the messiness to one page, re-use my existing actions, and get CSRF protections.
It’s been working well, but there’s a handful of people who seem to consistently get CSRF authenticity exceptions.
I’m stumped. Token is there. Is session reset?
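An added example, not code from the original post: because /magic turns a clicked link into an auto-submitted POST or PATCH that carries a valid token, one way to keep it limited to links the application itself put in an email is to sign the method, the action and an expiry, and verify them before rendering the form. This is plain Ruby with the standard library; the key, the `exp` and `sig` parameters and the helper names are assumptions, and in a Rails app `ActiveSupport::MessageVerifier` fills the same role.

```ruby
require "openssl"
require "uri"

# Constructed demo key (assumption); a real app loads a secret from its credentials store.
MAGIC_KEY = "constructed-demo-key-not-a-real-secret"
ALLOWED_METHODS = %w[POST PATCH].freeze

def magic_signature(method, action, expires_at)
  payload = [method, action, expires_at.to_i].join("\n")
  OpenSSL::HMAC.hexdigest("SHA256", MAGIC_KEY, payload)
end

# Build the link that goes into the email (hypothetical helper).
def sign_magic_link(method, action, expires_at)
  query = URI.encode_www_form(method: method, action: action, exp: expires_at.to_i,
                              sig: magic_signature(method, action, expires_at))
  "/magic?#{query}"
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns [method, action] when the link was issued by us and has not expired, else nil.
def verify_magic_link(url, now: Time.now)
  params = URI.decode_www_form(URI.parse(url).query.to_s).to_h
  method, action, exp, sig = params.values_at("method", "action", "exp", "sig")
  return nil unless method && action && exp && sig
  return nil unless ALLOWED_METHODS.include?(method)
  # Same-origin relative path only: one leading slash, no "//", no backslash, no newline.
  return nil unless action.match?(%r{\A/(?![/\\])[^\\\r\n]*\z})
  return nil unless exp.match?(/\A\d+\z/) && exp.to_i > now.to_i
  return nil unless secure_equal?(sig, magic_signature(method, action, exp.to_i))
  [method, action]
end
```

The /magic page would render the auto-submitting form only when `verify_magic_link` returns a pair, and respond with an error page otherwise.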
I’m grateful for @davidherse making a Zap that randomly assigns 4 co-workers in Basecamp for a “water cooler” chat once a week. The bot gives us a window of time and we just use the comments to find the last mile. I prefer this flexibility over rigid calendars.
That would do it.
Compare the pair.
Strong opinions, unowned retained. CTO at Five Good Friends. Swift, Ruby, and servers.