API + tokens?

Hi all,

This is almost certainly a noob question, but I've hit a wall developing my rails3 app.

I am looking to integrate various sections with a legacy system based on PHP. I had envisaged this being fairly straightforward, using curl to send POST requests for example. The issue / dilemma I have is that all requests are met with an InvalidAuthenticityToken error. I don't want to lose this security feature, but am not sure how to proceed in terms of providing a secure API for the integration.

Is it possible to send a set token along with all requests, or am I missing something here?

Any pointers would be much appreciated!

Cheers,

Paul Taylor

Which direction are you curling in? From PHP to Rails, or vice-versa?

Walter

From PHP to Rails currently. I will need to work in both directions going forward, however, but could possibly just use MySQL queries from Rails to the PHP app if required.

Thanks,

Paul

paulo wrote:

Hi all,

This is almost certainly a noob question, but I've hit a wall developing my rails3 app.

I am looking to integrate various sections with a legacy system based on PHP. I had envisaged this being fairly straightforward, using curl to send POST requests for example. The issue / dilemma I have is that all requests are met with an InvalidAuthenticityToken error. I don't want to lose this security feature, but am not sure how to proceed in terms of providing a secure API for the integration.

For API calls, you probably don't want the authenticity token. That's only for Rails-generated forms, as a measure of protection against spoofed requests. It's meaningless for APIs. If you want a secure API, you'll be better off using OAuth or HTTP-Basic authentication, not the Rails authenticity token.

A quick Google search turned up

for turning off the token check sometimes.

Is it possible to send a set token along with all requests,

I don't believe so.

or am I missing something here?

Any pointers would be much appreciated!

Cheers,

Paul Taylor

Best,

Right, will start looking in that direction then. Thanks for that, Marnen.

Paul
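
An added example, not part of the thread: the HTTP Basic option suggested above, checked on the receiving side as a plain Rack-style handler so it runs without Rails. The names `API_USER`, `API_PASS`, `secure_equal?`, `basic_credentials` and `api_call` and the credential values are hypothetical, constructed for illustration.

```ruby
require "base64"
require "digest"

# Hypothetical credentials; a real app would load these from configuration.
API_USER = "legacy-php"
API_PASS = "constructed-sample-secret"

# Compare two strings without leaking where they first differ.
# Hashing first gives both sides the same length.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
end

# Return [user, password] from an "Authorization: Basic ..." header, or nil
# when the header is missing, uses another scheme, or is malformed.
def basic_credentials(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return nil unless scheme && scheme.casecmp("basic").zero? && encoded
  user, pass = Base64.strict_decode64(encoded.strip).split(":", 2)
  pass ? [user, pass] : nil
rescue ArgumentError # payload was not valid base64
  nil
end

# Rack-style handler: env hash in, [status, headers, body] out.
# The caller's identity comes from the credentials sent with every request,
# not from a session cookie, so no per-form authenticity token is involved.
def api_call(env)
  user, pass = basic_credentials(env["HTTP_AUTHORIZATION"])
  # Evaluate both comparisons so timing does not reveal which field was wrong.
  ok = secure_equal?(user.to_s, API_USER) & secure_equal?(pass.to_s, API_PASS)
  unless ok
    return [401, { "WWW-Authenticate" => 'Basic realm="API"' }, ["Unauthorized\n"]]
  end
  [200, { "Content-Type" => "text/plain" }, ["accepted\n"]]
end
```

Basic credentials are only base64-encoded in the header, so an endpoint like this belongs behind HTTPS.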