I have an existing Rails backend website which makes JSON AJAX calls to my server, and I was passing CSRF tokens in every AJAX call. Now, I am developing a mobile iOS app to use the same backend and send calls in JSON. However, mobile requests are failing with “Can’t verify CSRF token authenticity”, because I don't know of any way to send the CSRF token to Rails from the app.
Looking around, many people are suggesting disabling CSRF protection if the call is a JSON call - but I don't want to do that, because my website uses JSON calls everywhere and that leaves my site open to attacks.
My question is:
How can I let my iOS app know the Rails-generated CSRF token so it can use it in all app calls to the server? Is it possible?
Is there any other way that I can work around this problem?