Hallo, I want to test the csrf protection of my application but forgery protection is not working with jquery ajax request. I have used Unobtrusive Javascript with jquery I have removed the <%= csrf_meta_tag %> so that my application do not include authenticity token. In my view I have the following code
$(function () { $('#alert').click(function () { $.ajax({ type: "POST", data: ({ lo: 67, pi: 22 }), url: '/test/set',
}); }) });
I have also include in the application controller protect_from_forgery
and have set in development configuration config.action_controller.consider_all_requests_local = false
However the post command is completed successfully. Does anyone know why the protection is not working?
Thank you