CSRF protection is a key generation on the server, and stuffing it into forms and everything else during a request to a server; if the key that came with the request is not the same, it is an error, and when the key is the same, it is 200 OK. If not understood, correct, please.
I have this code
Class ChatController <ApplicationController def index respond_to do | format | format.html format.js {render js: "/ home / admin-iorigins / RubymineProjects / chatSimple / app / assets / javascript / channels / chat"} end end end during its execution I have such logs
Started GET "/ chat / index? Format = js" for 127.0.0.1 at 2017-02-10 19:16:41 +0200 Processing by ChatController # index as JS Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding. Completed 422 Unprocessable Entity in 3ms (Views: 0.4ms | ActiveRecord: 0.0ms) Why is this happening?
