I'm trying to build an api for my rails application.
I want to skip the csrf before filter when a valid api_key is present in the non-get requests.
I've tried (I'll validate the api_key once I can get the conditional filter working)
(skip_before_filter :verify_authenticity_token) if params[:api_key].present?
But that doesn't work ...
Any ideas?
i don't think that can work, because if expression is evaluated during creation of controller class, so params[:api_key].present?
is false at that moment... u can try
skip_before_filter :verify_authenticity_token, :if =>lambda{ params[:api_key].present?}