paulo wrote: > Hi all, > > This is almost certainly a noob question, but I've hit a wall > developing my rails3 app. > > I am looking to integrate various sections with a legacy system based > on PHP. I had envisaged this being fairly straight forward, using curl > to send POST requests for example. The issue / dilema I have is that > all requests are met with an InvalidAuthenticityToken error. I don't > want to lose this security feature, but am not sure how to proceed in > terms of providing a secure API for the integration.
For API calls, you probably don't want the authenticity token. That's only for Rails-generated forms, as a measure of protection against spoofed requests. It's meaningless for APIs. If you want a secure API, you'll better off using OAuth or HTTP-Basic authentication, not the Rails authenticity token. A quick Google search turned up http://www.patricktulskie.com/2010/04/skip-rails-authenticitytoken-check-sometimes/ for turning off the token check sometimes. > > Is it possible to send a set token along with all requests, I don't believe so. > or am I > missing something here? > > Any pointers would be much appreciated! > > > Cheers, > > Paul Taylor Best, -- Marnen Laibow-Koser http://www.marnen.org [email protected] -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
