I'm working on a Rails app that exposes a simple web service and an
accompanying mobile client. It appears that I am unable to POST data
to the service with the CSRF protection in place.
What is the best way to deal with this from mobile clients? Should I
embed the authenticity token as part of every request to the service?
Seems like this wouldn't be the best approach.
Any advice would be great, thanks!