Kad Kerforn escribió:
> I am trying to write a REST web service
>
> testing locally is fine but whane I deploy the server and try test it
> via curl
>
> curl -i -X POST -H 'Content-Type:application/xml' -d ''
> http://mytesteddomain.tld/user/posts/createReference.xml
>
> I get an error :
>
> ERROR TYPE: ActionController::InvalidAuthenticityToken
>
> ERROR MESSAGE: ActionController::InvalidAuthenticityToken
>
Maybe, you have in your controller (or application controller):
protect_from_forgery
That protect you from xss.
Error said: You aren't sending "InvalidAuthenticityToken" then you have
two options:
- Bypass this check in this action. In you controller put:
protect_from_forgery :except => [:autocomplete_google_map_city]
- Send the parameter "InvalidAuthenticityToken". Create a hidden
tag(helper) with it:
def token_tag
unless protect_against_forgery?
''
else
tag(:input, :type => "hidden", :name =>
request_forgery_protection_token.to_s, :value => form_authenticity_token)
end
end
Regards!
--
Rafael Garcia Ortega
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Deploying Rails" group.
To post to this group, send email to rubyonrails-deployment@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-deployment?hl=en
-~----------~----~----~----~------~----~------~--~---
begin:vcard
fn;quoted-printable:Rafael Garc=C3=ADa Ortega
n;quoted-printable:Garc=C3=ADa Ortega;Rafael
org:ASPgems S.L.
email;internet:[EMAIL PROTECTED]
tel;work:692686533
x-mozilla-html:FALSE
url:http://www.aspgems.com
version:2.1
end:vcard
