Forum: Ruby on Rails Turning off InvalidAuthenticityToken for a RESTful Service

Eric Larson (Guest)
on 2008-02-01 18:55
(Received via mailing list)
Hi,

I was trying to write a RESTful service and was planning on testing
via tools such as cURL and the basic http libs. With the
InvalidAuthenticityToken piece that is turned on by default in Rails
2.0.2, I have to provide the token with each request. This is
something of a pain for a programmable client that may not make a GET
request before performing other actions, specifically POST, PUT and
DELETE.

Is there a way to turn it off and/or program a client utilizing the
cookie without making a GET request first?

Thanks!

------

Eric Larson
http://ionrock.org/blog/
Eric Larson (Guest)
on 2008-02-01 19:09
(Received via mailing list)
Hi All,

On Feb 1, 11:55 am, Eric Larson <ionr...@gmail.com> wrote:
> Is there a way to turn it off and/or program a client utilizing the
> cookie without making a GET request first?
>
> Thanks!
>
> ------
>
> Eric Larson http://ionrock.org/blog/

Just answering my own post:


From
http://ryandaigle.com/articles/2007/9/24/what-s-ne...

Add this to controllers to override the default secure cookie check:

skip_before_filter :verify_authenticity_token

And to disable things completely, add this to application.rb:

self.allow_forgery_protection = false

Hope it helps someone else!

----
Eric Larson
http://ionrock.org/blog/
Rick Olson (Guest)
on 2008-02-01 20:25
(Received via mailing list)
On Feb 1, 2008 9:55 AM, Eric Larson <ionrock@gmail.com> wrote:
>
> Is there a way to turn it off and/or program a client utilizing the
> cookie without making a GET request first?

It shouldn't be verifying requests unless they're using the html or js
(ajax) formats.  XML or JSON should be fine:

http://dev.rubyonrails.org/browser/tags/rel_2-0-2/...


--
Rick Olson
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com
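
The three settings discussed in this thread, compared in a simplified Ruby model that is an added example (not Rails source and not code from any poster). The class, field names and sample requests are constructed; the html/js-only rule follows Rick Olson's description of Rails 2.0.2.

```ruby
require "securerandom"

# Constructed stand-in for a request: HTTP method, response format,
# the token stored in the session, and the token sent as a parameter.
Request = Struct.new(:method, :format, :session_token, :param_token)

class ForgeryCheck
  VERIFIED_FORMATS = [:html, :js].freeze # formats that are checked, per the reply above

  def initialize(allow_forgery_protection: true, skip_filter: false)
    @enabled = allow_forgery_protection # models self.allow_forgery_protection
    @skip_filter = skip_filter          # models skip_before_filter :verify_authenticity_token
  end

  # True when the request passes the authenticity check.
  def allowed?(req)
    return true unless @enabled
    return true if @skip_filter
    return true if req.method == :get   # GET requests are not verified
    return true unless VERIFIED_FORMATS.include?(req.format)
    tokens_match?(req.session_token, req.param_token)
  end

  private

  # Compares without stopping at the first differing byte.
  def tokens_match?(expected, given)
    return false unless expected && given && expected.bytesize == given.bytesize
    expected.bytes.zip(given.bytes).reduce(0) { |diff, (a, b)| diff | (a ^ b) }.zero?
  end
end

TOKEN = SecureRandom.hex(16) # constructed session token
SAMPLES = {
  xml_post_no_token:       Request.new(:post, :xml, nil, nil),      # e.g. a cURL client
  form_post_no_token:      Request.new(:post, :html, TOKEN, nil),   # cross-site form post
  form_post_with_token:    Request.new(:post, :html, TOKEN, TOKEN), # the site's own form
  ajax_delete_wrong_token: Request.new(:delete, :js, TOKEN, "0" * 32)
}.freeze

def outcomes(check)
  SAMPLES.transform_values { |req| check.allowed?(req) }
end

if __FILE__ == $0
  puts "default:     #{outcomes(ForgeryCheck.new)}"
  puts "skip filter: #{outcomes(ForgeryCheck.new(skip_filter: true))}"
  puts "global off:  #{outcomes(ForgeryCheck.new(allow_forgery_protection: false))}"
end
```

With the defaults, the XML client already passes without a token while the token-less browser form post is rejected; both the per-controller skip and the global switch also let that form post through.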