Always set the XSRF-TOKEN cookie unless the endpoint is configured not to protect against forgery (not just for non-Inertia requests)

jordanhiltunen · jordanhiltunen · commit a6008ffb7272 · 2024-05-27T10:24:32.000-04:00
diff --git a/lib/inertia_rails/controller.rb b/lib/inertia_rails/controller.rb
@@ -13,7 +13,7 @@ module Controller
       helper ::InertiaRails::Helper
 
       after_action do
-        cookies['XSRF-TOKEN'] = form_authenticity_token unless request.inertia? || !protect_against_forgery?
+        cookies['XSRF-TOKEN'] = form_authenticity_token unless !protect_against_forgery?
       end
     end
 
