Hi-
I'm working on a Rails app that exposes a simple web service and an accompanying mobile client. It appears that I am unable to POST data to the service with the CSRF protection in place.
What is the best way to deal with this from mobile clients? Should I embed the authenticity token as part of every request to the service? Seems like this wouldn't be the best approach.
Any advice would be great, thanks!