Detect XML Requests in Before Filter / OAuth

Hi,

I am working on a RESTful website and also want to support XML as
content type. However, I want to protect all XML actions with OAuth so
that we can control, monitor and maybe limit access to the API in the
future.

I installed the Rails oauth-plugin which works perfectly. I added this
to the application controller:

before_filter :require_oauth_for_xml_requests

def require_oauth_for_xml_requests
if params[:format] == ‘xml’
oauth_required
else
true
end
end

The problem is that this only works if accessing something like
‘/users.xml’. If HTTP headers are set instead I cannot detect the proper
type. The action is not protected if I use:

curl -H ‘Accept: application/xml’ -H ‘Content-Type: application/xml’
http://localhost:3000/users

The HTTP headers can be inspected in the request object but there are
many combinations and it is probably not a good idea to just check if
the content-type equals “application/xml” as it can also be placed at
another position in the list.

How could my require_oauth_for_xml_requests method be fixed to detect
all XML requests?

I would appreciate any help.

Thanks,
Sascha

Sure… and it’s reasonable to figure out why that’s not working for you

params[:format] is just whatever’s in the querystring. You want to check
the
actual request’s content type. From what I’ve seen you want to
explicitly
ask for the requested format.

def require_oauth_for_xml_requests
if request.format.xml?
oauth_required
else
true
end
end

See if that works.

On Thu, Jul 24, 2008 at 5:01 AM, Sascha Konietzke <

Thanks Brian, it works. This is was what I was looking for!

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs