Erreur accès WebService REST

I am trying to write a REST web service

testing locally is fine but whane I deploy the server and try test it
via curl

curl -i -X POST -H ‘Content-Type:application/xml’ -d ‘’
http://mytesteddomain.tld/user/posts/createReference.xml

I get an error :

ERROR TYPE: ActionController::InvalidAuthenticityToken

ERROR MESSAGE: ActionController::InvalidAuthenticityToken

I don’t have any protection in my app as I put a filter to avoid the
login check
before_filter :login_required, :except => [ :createReference]

my Apache vhost.conf doesn’t block :

<Directory “/var/rails/mytesteddomainname/current/public”>
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all

where should I start looking for ?

thansk for your help

curl -i -X POST -H ‘Content-Type:application/xml’ -d ‘’
http://mytesteddomain.tld/user/posts/createReference.xml

Shouldn’t that URL have a user number in it e.g. …/user/1/posts/…

without that it is probably redirecting to a secured page and hence the
error.

Kad K. escribió:

ERROR TYPE: ActionController::InvalidAuthenticityToken

ERROR MESSAGE: ActionController::InvalidAuthenticityToken

Maybe, you have in your controller (or application controller):

protect_from_forgery

That protect you from xss.
Error said: You aren’t sending “InvalidAuthenticityToken” then you have
two options:

- Bypass this check in this action. In you controller put:
      protect_from_forgery :except => 

[:autocomplete_google_map_city]

- Send the parameter "InvalidAuthenticityToken". Create a hidden

tag(helper) with it:

def token_tag
unless protect_against_forgery?
‘’
else
tag(:input, :type => “hidden”, :name =>
request_forgery_protection_token.to_s, :value =>
form_authenticity_token)
end
end

Regards!


Rafael Garcia Ortega

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs