Hi, I'm making an app where messages can be posted only from mobile phones. The clients that will connect to the app will NOT use a browser but the client is developed using native language, say C++, Java, etc. Users need to be registered to be able to post.
On the server I am using restful_authentication. Clients will use XML to post stuff to the server. It is simple to use HTTP Basic authentication to post messages. But I'd like to have a real API to login once and then provide a token to the client so the next requests are done just using the token, actually I could even use the remember me token. My problem is that when I try this a POST to http://127.0.0.1.:3000/session.xml I get ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): So I can't get into the controller to start working on the logic I need. --------- I also confused since the rails docs (http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html) state that "Only HTML/JavaScript requests are checked, so this will not protect your XML API" I'm using XML here so why is the token being checked? --------- Any hints appreciated. Cheers. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
