Forum: Ruby on Rails Accept POST data from external source?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Duane M. (Guest)
on 2009-03-31 06:48
Ok, this is harder than I thought.  I've got a hunk of XML coming in
from an entirely external source that I do not control (but another
department in my company does, so it's not like a giant security hole).
I was hoping to just have them POST their data to me, and then I'd read
the raw stream and parse it.

I'm sure folks know what I ran into -- Invalid Authenticity Token.  If I
understand my googling right, I'm getting this because Rails did not
generate the "form" that posted the incoming data (even though there
wasn't one), so it doesn't come with an authentication key.

Anybody got suggestions on how to get around this?  Do I have to work
with the folks generating the XML to do some sort of handshake that gets
them an authenticity token?  But then, how would they send it over?
Surely there are other occasions when you might want some non-Rails
source to post a raw data stream to a Rails app?
bill walton (Guest)
on 2009-03-31 08:17
(Received via mailing list)
Hi Duane,

On Tue, 2009-03-31 at 04:48 +0200, Duane M. wrote:
> Ok, this is harder than I thought.  I've got a hunk of XML coming in
> from an entirely external source

>From Rails' perspective, that external source is just another client.
Looks like you're requiring your app's other clients to be logged in.
You'll need to either have this one log in too, or exempt it by giving
it its own 'channel'.

HTH,
Bill
David K. (Guest)
on 2009-03-31 09:54
(Received via mailing list)
Duane M. skrev:
>
> Anybody got suggestions on how to get around this?  Do I have to work
> with the folks generating the XML to do some sort of handshake that gets
> them an authenticity token?  But then, how would they send it over?
> Surely there are other occasions when you might want some non-Rails
> source to post a raw data stream to a Rails app?

Say for example that you want the create action of PeopleController to
accept requests from an external source, then you'ld simply add this
line to people_controller.rb:

protect_from_forgery :except => :create

See the documentation for the protect_from_forgery method:
http://api.rubyonrails.org/classes/ActionControlle...

--
Best regards,
David K.
http://twitter.com/rubyguy
Duane M. (Guest)
on 2009-03-31 18:20
Perfect - the data I need ends up in request.env['RAW_POST_DATA'].

Thanks!

D
David K. wrote:
> Duane M. skrev:
>>
>> Anybody got suggestions on how to get around this?  Do I have to work
>> with the folks generating the XML to do some sort of handshake that gets
>> them an authenticity token?  But then, how would they send it over?
>> Surely there are other occasions when you might want some non-Rails
>> source to post a raw data stream to a Rails app?
>
> Say for example that you want the create action of PeopleController to
> accept requests from an external source, then you'ld simply add this
> line to people_controller.rb:
>
> protect_from_forgery :except => :create
>
> See the documentation for the protect_from_forgery method:
> 
http://api.rubyonrails.org/classes/ActionControlle...
>
> --
> Best regards,
> David K.
> http://twitter.com/rubyguy
This topic is locked and can not be replied to.