excluding authorization check for action in controller

protect_from_forgery(options = {})

Turn on request forgery protection. Bear in mind that only non-GET, HTML/JavaScript requests are checked.


class FooController < ApplicationController
  protect_from_forgery :except => :index

You can disable csrf protection on controller-by-controller basis:

skip_before_filter :verify_authenticity_token

It can also be disabled for specific controller actions:

skip_before_filter :verify_authenticity_token, :except => [:create]

Valid Options:

  • :Only/:except – Passed to the before_filter call. Set which actions are verified.


<input type="button" name="load" value="Reload page" 


The reload() method reloads the current page displayed in the browser.

It is good to use when you update some data after success calling ajax and want

to show users the update.

ruby notes(6)

  • Mutable objects are objects whose state can change. Immutable objects are objects whose state never changes after creation. Any instance can become immutable by calling freeze.

Freezing Objects

The freeze method in class Object prevents you from changing an object, effectively turning an object into a constant. After we freeze an object, an attempt to modify it results in TypeError. The following program p050xfreeze.rb illustrates this:

str = ‘A simple string. ‘
str < err
puts “#{err.class} #{err}”
# The output is – TypeError can’t modify frozen string

However, freeze operates on an object reference, not on a variable. This means that any operation resulting in a new object will work. This is illustrated by the following example:

str = ‘Original string – ‘
str += ‘attachment’
puts str
# Output is – Original string – attachment

The expression str + ‘attachment’ is evaluated to a new object, which is then assigned to str. The object is not changed, but the variable str now refers to a new object.

ruby notes(5)

  • When you invoke super with arguments, Ruby sends a message to the parent of the current object, asking it to invoke a method of the same name as the method invoking super.The way super handles arguments is as follows:
    1. When you invoke super with no arguments Ruby sends a message to the parent of the current object, asking it to invoke a method of the same name as the method invoking super. It automatically forwards the arguments that were passed to the method from which it’s called.
    2. Called with an empty argument list – super()-it sends no arguments to the higher-up method, even if arguments were passed to the current method.
    3. Called with specific arguments – super(a, b, c) – it sends exactly those arguments.
  • Unlike C++, instance variables cannot be inherited; The reason that they sometimes appear to be inherited is that instance variables are created by the methods that first assign values to them, and those methods are often inherited or chained.
  • The initialize method is always private.
  •  overload method by telling how many args passed in
    class Car
    def initialize(*args)
    if args.size == 2
    puts ‘2 arguments’
    if args.size == 3
    puts ‘3 arguments’
    end; end
    Car.new([10, 23], 4, 10)  #=> 3 arguments
    Car.new([10, 23], [14, 13])  #=> 2 arguments
  • protected methods are called when the receiver is of the same class as ‘self’

class Person
def initialize(age)
@age = age
def age
def compare_age(c)
if c.age > age  #works because self=Person and c is also an instance of Person
“The other object’s age is bigger.”
“The other object’s age is the same or smaller.”
protected :age

chris = Person.new(25)
marcos = Person.new(34)
puts chris.compare_age(marcos)
#puts chris.age => not work because self=main, but chris, the receiver, is of class Person.

With age protected rather than private, chris can ask marcos to execute age, because chris and marcos are both instances of the same class. But if you try to call the age method of a Person object when self is anything other than a Person object, the method will fail.

  • private/public/protected are only for methods; all instance and class variables are private, all constants are effectively public
  • Private methods cannot normally be invoked from outside the class that defines them. But they are inherited by subclasses. This means that subclasses can invoke them and can override them. initialize is a good example of such method.
  • In Ruby, we can define an abstractclass that invokes certain undefined “abstract” methods, which are left for subclasses to define. For example:
    # This class is abstract; it doesn’t define name
    any class that invokes methods that are intended for a subclass to implement is abstract
    class AbstractKlass
    def welcome; puts “hello #{name}”; end
    # A concrete class
    class ConcreteKlass < AbstractKlass
    def name; “Ruby students”; end
    endConcreteKlass.new.welcome # Displays “hello Ruby students”