StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
4136015
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2010-11-09T16:26:57.220
FavoriteCount
0
LastActivityDate
2011-05-06T15:36:15.287
LastEditDate
2011-05-06T15:36:15.287
LastEditorUserId
159376
OwnerUserId
159376
ParentId
4111722
PostTypeId
2
Score
7
ViewCount
0
LastEditorDisplayName
text
Body
<blockquote> <blockquote> EDIT >> I posted this answer in a blog post as well: <a href="http://zadasnotes.blogspot.com/2010/11/rails-3-forgery-csrf-protection-for.html" rel="noreferrer">http://zadasnotes.blogspot.com/2010/11/rails-3-forgery-csrf-protection-for.html</a> EDIT 2 >> This was changed in Rails 3.0.4. See follow up post here: <a href="http://zadasnotes.blogspot.com/2011/02/rails-forgery-csrf-protection-for-ajax.html" rel="noreferrer">http://zadasnotes.blogspot.com/2011/02/rails-forgery-csrf-protection-for-ajax.html</a> </blockquote> </blockquote> After researching it for a while, I decided to dig a bit into the rails code documentation to find out. Starting here: <a href="http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#method-i-form_authenticity_token" rel="noreferrer">http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html#method-i-form_authenticity_token</a> protect_from_forgery adds a before_filter on verify_authenticity_token which is shown below: <pre><code># File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 95 95: def verify_authenticity_token 96: verified_request? || raise(ActionController::InvalidAuthenticityToken) 97: end </code></pre> And the verified_request? is shown here: <pre><code># File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 104: def verified_request? 105: !protect_against_forgery? || request.forgery_whitelisted? || 106: form_authenticity_token == params[request_forgery_protection_token] 107: end </code></pre> Finally request.forgery_whitelisted?: <pre><code> # File actionpack/lib/action_dispatch/http/request.rb, line 126 126: def forgery_whitelisted? 127: get? || xhr? || content_mime_type.nil? || !content_mime_type.verify_request? 128: end </code></pre> Notice xhr?. xmlHttpRequest is whitelisted and is not on the protect_from_forgery list. So it appears that this is by design. After researching further on xmlHttpRequests it appears that there are restrictions on running them across domains, which makes it unnecessary to apply the csrf check on xhr. 
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. PORails 3 AJAX request authenticity token ignored
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USzzawaideh
UserOwnerUserId
1. USzzawaideh
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. PORails 3 AJAX request authenticity token ignored
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.