I'm just putting together a simple web application in Ruby on Rails 3 RC and I'm a bit stumped with the forgery protection. I plan to have a web interface as well as allow XML API calls from an iPhone app. I'm currently testing this with a REST request generator but am getting InvalidAuthenticityToken errors.
Firstly, I thought these only applied to requests that weren't XML or JSON. Secondly, I'm attaching a user-unique API key with XML request so forgery protection can be achieved by other means (I know not entirely secure, but decent start for development).
Has anyone got any pointers for preventing this protection for XML/JSON requests for somehow overriding the default token checker to validate via my own API Token system before using the on-board system?
Cheers D开发者_Python百科ave Finster
Have you manually set the request type, as per this answer?
Turning off authenticity token in Rails 2 for web services?
精彩评论