Hi,
I am working on a RESTful website and also want to support XML as content type. However, I want to protect all XML actions with OAuth so that we can control, monitor and maybe limit access to the API in the future.
I installed the Rails oauth-plugin which works perfectly. I added this to the application controller:
    before_filter :require_oauth_for_xml_requests

    def require_oauth_for_xml_requests
      if params[:format] == 'xml'
        oauth_required
      else
        true
      end
    end
The problem is that this only works if accessing something like '/users.xml'. If HTTP headers are set instead I cannot detect the proper type. The action is not protected if I use:
    curl -H 'Accept: application/xml' -H 'Content-Type: application/xml' 'http://localhost:3000/users'
The HTTP headers can be inspected in the request object but there are many combinations and it is probably not a good idea to just check if the content-type equals "application/xml" as it can also be placed at another position in the list.
How could my require_oauth_for_xml_requests method be fixed to detect all XML requests?
I would appreciate any help.
Thanks, Sascha
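
The check asked about above, as an added example that is not part of the original post: plain Ruby that picks the response format from the URL extension or the Accept header (q-values and list position included) and requires OAuth when that result, or the request body's Content-Type, is XML. All names (`MEDIA_FORMATS`, `parse_accept`, `negotiated_format`, `oauth_required_for?`) are hypothetical, and treating `*/*` as HTML is an assumption.

```ruby
# Added example (hypothetical names): choose the response format the way the
# server would, then gate OAuth on that result instead of on params[:format] alone.
MEDIA_FORMATS = {
  'text/html'             => :html,
  'application/xhtml+xml' => :html,
  'application/xml'       => :xml,
  'text/xml'              => :xml,
  '*/*'                   => :html # assumed default when the client accepts anything
}.freeze

# Parse an Accept header into [media_type, q] pairs, highest preference first.
def parse_accept(header)
  entries = header.to_s.split(',').each_with_index.map do |entry, index|
    type = entry.split(';').first.to_s.strip.downcase
    raw_q = entry[/;\s*q\s*=\s*([^;\s]+)/i, 1]
    # An unparseable q counts as 1.0 so a malformed header cannot lower a type's rank.
    q = raw_q ? (Float(raw_q, exception: false) || 1.0) : 1.0
    [type, q, index]
  end
  entries.reject { |type, q, _| type.empty? || q <= 0 } # q=0 means "not acceptable"
         .sort_by { |_, q, index| [-q, index] }          # ties keep header order
         .map { |type, q, _| [type, q] }
end

# Format chosen from the URL extension first, then from the Accept header.
def negotiated_format(format_param, accept)
  return format_param.to_s.downcase.to_sym unless format_param.to_s.empty?
  type, = parse_accept(accept).find { |t, _| MEDIA_FORMATS.key?(t) }
  MEDIA_FORMATS.fetch(type, :html)
end

# OAuth is required when the response will be XML or the request body is XML.
def oauth_required_for?(format_param: nil, accept: nil, content_type: nil)
  body_type = content_type.to_s.split(';').first.to_s.strip.downcase
  negotiated_format(format_param, accept) == :xml ||
    MEDIA_FORMATS[body_type] == :xml
end
```

In a Rails controller the three inputs would come from `params[:format]`, `request.headers['Accept']` and `request.content_type`.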