InvalidAuthenticityToken when using XML, why?

Hi,

I’m making an app where messages can be posted only from mobile phones.
The clients that will connect to the app will NOT use a browser but the
client is developed using native language, say C++, Java, etc. Users
need to be registered to be able to post.

On the server I am using restful_authentication. Clients will use XML to
post stuff to the server.

It is simple to use HTTP Basic authentication to post messages. But I’d
like to have a real API to login once and then provide a token to the
client so the next requests are done just using the token. Actually, I
could even use the remember me token.

My problem is that when I try this with a POST to
http://127.0.0.1.:3000/session.xml
I get ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
So I can’t get into the controller to start working on the logic I need.


I’m also confused, since the Rails docs
(ActionController::RequestForgeryProtection::ClassMethods)
state that “Only HTML/JavaScript requests are checked, so this will not
protect your XML API”

I’m using XML here so why is the token being checked?


Any hints appreciated.

Cheers.

Hi,

For the sake of sharing with others in case it might help…

I had to add Content-Type: text/xml to the headers in the post request.
Doing that stopped the token error.

Now I have started doing some changes so the mobile client can login
with XML and receive a new client_auth_token. For that I have created a
new remember token for the mobile case to the user model, so I can use
the existing remember me functionality of restful_authentication as a
base. The client uses that cookie for using the API. Some changes to the
plugin are needed for this but I hope/think I’m on the right track.

Cheers.
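
Added example, not part of the original thread and not Rails source: a simplified Ruby model of the content-type-based check the quoted docs describe, showing why the POST without `Content-Type: text/xml` raised the token error. The `Request` struct, the helper names and the sample requests are constructed for illustration, and treating a missing Content-Type as a browser request is an assumption about Rails releases of that era.

```ruby
require 'set'

# Simplified model for illustration (not Rails source). Assumption: content
# types a browser form can send are token-checked, API types such as XML are not.
BROWSER_CONTENT_TYPES = Set[
  'text/html', 'text/plain',
  'application/x-www-form-urlencoded', 'multipart/form-data'
].freeze

# Hypothetical request record: HTTP method, Content-Type header, params, session token.
Request = Struct.new(:http_method, :content_type, :params, :session_token)

# Strip parameters such as "; charset=utf-8" and normalise case.
def media_type(header)
  type = header.to_s.split(';').first.to_s.strip.downcase
  type.empty? ? nil : type
end

# Assumption: a missing Content-Type is treated like a browser request.
def token_check_required?(req)
  return false if req.http_method == 'GET'
  type = media_type(req.content_type)
  type.nil? || BROWSER_CONTENT_TYPES.include?(type)
end

def outcome(req)
  return :accepted unless token_check_required?(req)
  sent = req.params['authenticity_token']
  sent && sent == req.session_token ? :accepted : :invalid_authenticity_token
end

# Constructed sample requests against /session.xml.
FORM = 'application/x-www-form-urlencoded'
SAMPLES = {
  'POST, no Content-Type' => Request.new('POST', nil, {}, 'tok123'),
  'POST, form-encoded' => Request.new('POST', FORM, {}, 'tok123'),
  'POST, text/xml' => Request.new('POST', 'text/xml; charset=utf-8', {}, 'tok123'),
  'POST, form-encoded + token' =>
    Request.new('POST', FORM, { 'authenticity_token' => 'tok123' }, 'tok123'),
  'GET' => Request.new('GET', nil, {}, 'tok123')
}.freeze

def report
  SAMPLES.transform_values { |req| outcome(req) }
end

report.each { |name, result| puts "#{name}: #{result}" }
```

The exemption keys off a header the client chooses, and later Rails releases check every non-GET request regardless of Content-Type.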