How do I turn off CSRF protection in a rails app?

The CSRF prevention built in to Rails is causing some problems for some automated load testing we are doing, and I want to turn it off for the duration of the process. How do I do this?

Solution

I love simple questions with clear answers.

#I go in application.rb
self.allow_forgery_protection = false

If you want to do this for testing only you can move that into one of the environment files (obviously, you'll be touching Application then rather than self). You could also write something like:

#I still go in application.rb
self.allow_forgery_protection = false unless ENV["RAILS_ENV"] == "production"

See here for details. (Continuing Rails' wonderful tradition of having documentation of core features in 2 year old blog posts, which were distilled from commit logs.)

How can I disable Hotwire / Turbo (the Turbolinks replacement) for all forms in a Rails application?
RSpec Stubbing out Date.today in order to test a method
How to specify a prefix when uploading to S3 using activestorage's direct upload?
Duration between two dates in Ruby (Rails)
CMS for ecommerce website in rails
Ruby gsub capturing groups
Can I switch to Amazon S3 later in Rails 7 after using local storage?
Rails 7/StimulusJS relative import: working on dev, but not production
Rails: ActiveSupport::MessageEncryptor::InvalidMessage
How can I unlock my gemfile so I can access the rails server?
What do I pass to schema_migration in ActiveRecord::MigrationContext#new
How do I stop Routing Errors errors from causing all sorts of warning?
Where do you put your Rack middleware files and requires?
How to prevent the <p> tag from wrapping around my input with tinymce in Rails?
Clickable Table Rows in Ruby on Rails
How to determine if one array contains all elements of another array
Adding page-specific CSS to Rails Asset Pipeline
Rails 7.1, log to STDOUT and log/production.log
Add custom fields to object in ROR application
Hit web endpoints behind Devise authentication with non-browser request in a Rails app
How to revert/undo local changes to an Activerecord object?
Disabling GraphQL introspection requests on production
carrierwave png thumbnails from svg upload
When rails app create database and collection when using MongoDb?
Sidekiq sending jobs to test queue instead of developement queue
rails assert_difference without specific difference value
How best to propogate an `admin` status to children using Rails and Ancestry
Rails minitest + authlogic cannot authenticate
How does bundler work (in general)?
`belongs_to` and `before_create` order in Rails