Identity Token (Rails 2) and REST APIs


#1

All,

I’ve got a remote application that is used for posting data to my
Rails 2 app. Took me about a day to realise that my posting wasn’t
working because my submitted form did not contain an identity token
(introduced into Rails 2).

I can remove that function (on new posts) by doing:
protect_from_forgery :only => [:update, :destroy]

but I’m wondering how I could keep that feature and still post from my
client side app?

Etienne


#2

I’ve got a remote application that is used for posting data to my
Rails 2 app. Took me about a day to realise that my posting wasn’t
working because my submitted form did not contain an identity token
(introduced into Rails 2).

I can remove that function (on new posts) by doing:
protect_from_forgery :only => [:update, :destroy]

but I’m wondering how I could keep that feature and still post from my
client side app?

Probably best asked on a Rails mailing list, as it’s very specific to
the Rails framework. This list is for the Ruby programming language.