Right, will start looking in that direction then, thanks for that Marnen
Paul On 27 Sep, 15:45, Marnen Laibow-Koser <[email protected]> wrote: > paulo wrote: > > Hi all, > > > This is almost certainly a noob question, but I've hit a wall > > developing my rails3 app. > > > I am looking to integrate various sections with a legacy system based > > on PHP. I had envisaged this being fairly straight forward, using curl > > to send POST requests for example. The issue / dilema I have is that > > all requests are met with an InvalidAuthenticityToken error. I don't > > want to lose this security feature, but am not sure how to proceed in > > terms of providing a secure API for the integration. > > For API calls, you probably don't want the authenticity token. That's > only for Rails-generated forms, as a measure of protection against > spoofed requests. It's meaningless for APIs. If you want a secure API, > you'll better off using OAuth or HTTP-Basic authentication, not the > Rails authenticity token. > > A quick Google search turned > uphttp://www.patricktulskie.com/2010/04/skip-rails-authenticitytoken-ch... > for turning off the token check sometimes. > > > > > Is it possible to send a set token along with all requests, > > I don't believe so. > > > or am I > > missing something here? > > > Any pointers would be much appreciated! > > > Cheers, > > > Paul Taylor > > Best, > -- > Marnen Laibow-Koserhttp://www.marnen.org > [email protected] > -- > Posted viahttp://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
