On 13 Jan 2009, at 11:08, phil wrote:
> > isn't that a security hole? > Is there a way around this with some sort of authentication on the > method? (http basic for instance)? > Could I do what you suggest but then also code the method to use that? > You're not going to want to have crsf tokens and what not for an api. It doesn't make any sense. Use http basic, restrict it to requests from the internal network, use api tokens etc... etc... The world is your oyster. Fred > Sorry - this kind of thing is new to me! > > On Jan 13, 11:05 am, "Simon Macneall" <[email protected]> wrote: >> Hi, >> >> Put protect_from_forgery :except => :index at the top of your >> controller, >> where :index is your action. >> >> Cheers >> Simon >> >> On Tue, 13 Jan 2009 18:28:28 +0900, phil <[email protected]> wrote: >> >>> Hi, >>> I am trying to post some data to our existing Rails application >>> from a >>> seperate java application. I am running into the problem of not >>> having >>> a valid authenticity token. How can I get around this? >>> The java app is not totally under our control so I don't think I can >>> add stuff like session handling to it (and I shouldn't have to!). >> >>> Anyone have experience with this? >> >>> Thanks! > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
