Getting CSRF to work with Rails and Angular

I had trouble posting to my Rails server from an Angular controller until I found this SO post. In /app/controllers/application_controller.rb I added the following code.

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  after_action :set_csrf_cookie_for_ng

  def set_csrf_cookie_for_ng
    cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
  end

  protected

    # In Rails 4.2 and above
    def verified_request?
      super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
    end
end

Leave a Reply

Your email address will not be published. Required fields are marked *