ActionController::InvalidAuthenticityToken (ActionContro

Hi guys,

What I do is that I allow the creation of a comment from a mobile device using XML sending:

<?xml version="1.0" encoding="UTF-8"?>
<comment>
  <body>Comment from curl</body>
</comment>

To http://user1:pass1@127.0.0.1.:3000/programs/1/comments

So I used protect_from_forgery :only => [:update, :destroy] to be able to access the :create

But now it is open. As you can see in the request I put the username and password so the comment can be created.

How should I do this in a secure way? Both regarding the protect_from_forgery and the username and password transfer?

Thanks!

The protect_from_forgery :only => [:create, :update, :destroy] is exactly what I needed to make my auto_complete work. Thanks a lot :slight_smile:

Could you try to include prototype in your layout? It works for me :slight_smile: