CSRF Protection and Mobile Clients


I’m working on a Rails app that exposes a simple web service and an
accompanying mobile client. It appears that I am unable to POST data
to the service with the CSRF protection in place.

What is the best way to deal with this from mobile clients? Should I
embed the authenticity token as part of every request to the service?
Seems like this wouldn’t be the best approach.

Any advice would be great, thanks!

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs