How do I bypass protect_from_forgery in Rails 3 for a Facebook canvas app?
I have a Rails 3 Facebook canvas app. When it loads up it gives me an invalid authenticity token error and displays the signed_request parameter that Facebook sends to my app. Is there a way to bypass the 'protect_from_forgery' for the signed_request from Facebook?
Problem solved. I added
skip_before_filter :verify_authenticity_token, :only => [THE ACTION]
to the top of my controller.
You can also just remove protect_from_forgery from the application controller, if you only use the app as a canvas app.
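Added example, not part of the original question or answers: an action that skips verify_authenticity_token no longer has Rails' CSRF check, so it can authenticate the POST by validating the signed_request itself, which Facebook signs with HMAC-SHA256 using the app secret, and reject the request when validation fails. The function names, APP_SECRET and the sample payload are assumptions constructed for illustration; wiring the check into a controller filter is not shown.

```ruby
require 'openssl'
require 'json'

# Decode unpadded base64url, the encoding used for both halves of signed_request.
def b64url_decode(str)
  padded = str + '=' * ((4 - str.length % 4) % 4)
  padded.tr('-_', '+/').unpack1('m')
end

# Encode to unpadded base64url (only needed here to build the sample).
def b64url_encode(bin)
  [bin].pack('m0').tr('+/', '-_').delete('=')
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical helper: returns the payload Hash if the signature is valid, else nil.
def parse_signed_request(signed_request, app_secret)
  encoded_sig, encoded_payload = signed_request.to_s.split('.', 2)
  return nil if encoded_sig.nil? || encoded_sig.empty?
  return nil if encoded_payload.nil? || encoded_payload.empty?

  # The signature covers the still-encoded payload string, not the decoded JSON.
  expected = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), app_secret, encoded_payload)
  return nil unless secure_equal?(b64url_decode(encoded_sig), expected)

  payload = JSON.parse(b64url_decode(encoded_payload).force_encoding('UTF-8'))
  return nil unless payload.is_a?(Hash) && payload['algorithm'].to_s.upcase == 'HMAC-SHA256'
  payload
rescue JSON::ParserError
  nil
end

# Constructed sample: the secret and payload are made up for this example.
APP_SECRET = 'example-app-secret'
SAMPLE_PAYLOAD = b64url_encode(JSON.generate('algorithm' => 'HMAC-SHA256', 'user_id' => '1000'))
SAMPLE_SIGNED_REQUEST =
  b64url_encode(OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), APP_SECRET, SAMPLE_PAYLOAD)) +
  '.' + SAMPLE_PAYLOAD
```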