Sorry... what? Your answer is somewhat cryptic... Are you recommending http basic?
On Jan 13, 1:16 pm, Frederick Cheung <[email protected]> wrote: > On 13 Jan 2009, at 11:08, phil wrote: > > > > > isn't that a security hole? > > Is there a way around this with some sort of authentication on the > > method? (http basic for instance)? > > Could I do what you suggest but then also code the method to use that? > > You're not going to want to have crsf tokens and what not for an api. > It doesn't make any sense. Use http basic, restrict it to requests > from the internal network, use api tokens etc... etc... > The world is your oyster. > > Fred > > > Sorry - this kind of thing is new to me! > > > On Jan 13, 11:05 am, "Simon Macneall" <[email protected]> wrote: > >> Hi, > > >> Put protect_from_forgery :except => :index at the top of your > >> controller, > >> where :index is your action. > > >> Cheers > >> Simon > > >> On Tue, 13 Jan 2009 18:28:28 +0900, phil <[email protected]> wrote: > > >>> Hi, > >>> I am trying to post some data to our existing Rails application > >>> from a > >>> seperate java application. I am running into the problem of not > >>> having > >>> a valid authenticity token. How can I get around this? > >>> The java app is not totally under our control so I don't think I can > >>> add stuff like session handling to it (and I shouldn't have to!). > > >>> Anyone have experience with this? > > >>> Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
