Forum: Ruby Identity Token (Rails 2) and REST APIs.

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
8b6fa694bf556e382b8db38efe8351c4?d=identicon&s=25 e deleflie (Guest)
on 2008-12-02 03:03
(Received via mailing list)
All,

I've got a remote application that is used for posting data to my
Rails 2 app. Took me about a day to realise that my posting wasn't
working because my submitted form did not contain an identity token
(introduced into Rails 2).

I can remove that function (on new posts) by doing:
  protect_from_forgery :only => [:update, :destroy]

but I'm wondering how I could keep that feature and still post from my
client side app?

Etienne
753dcb78b3a3651127665da4bed3c782?d=identicon&s=25 Brian Candler (candlerb)
on 2008-12-02 14:42
> I've got a remote application that is used for posting data to my
> Rails 2 app. Took me about a day to realise that my posting wasn't
> working because my submitted form did not contain an identity token
> (introduced into Rails 2).
>
> I can remove that function (on new posts) by doing:
>   protect_from_forgery :only => [:update, :destroy]
>
> but I'm wondering how I could keep that feature and still post from my
> client side app?

Probably best asked on a Rails mailing list, as it's very specific to
the Rails framework. This list is for the Ruby programming language.
This topic is locked and can not be replied to.