Turn off CSRF token in rails 3

In the controller where you want to disable CSRF the check:

skip_before_action :verify_authenticity_token

Or to disable it for everything except a few methods:

skip_before_action :verify_authenticity_token, :except => [:update, :create]

Or to disable only specified methods:

skip_before_action :verify_authenticity_token, :only => [:custom_auth, :update]

More info: RoR Request Forgery Protection


In Rails3 you can disable the csrf token in your controller for particular methods:

protect_from_forgery :except => :create