InvalidAuthenticityToken when using XML, why?

rubyonrails-talk
1

Hi,

I'm making an app where messages can be posted only from mobile phones. The clients that will connect to the app will NOT use a browser but the client is developed using native language, say C++, Java, etc. Users need to be registered to be able to post.

On the server I am using restful_authentication. Clients will use XML to post stuff to the server.

It is simple to use HTTP Basic authentication to post messages. But I'd like to have a real API to login once and then provide a token to the client so the next requests are done just using the token, actually I could even use the remember me token.

My problem is that when I try this a POST to http://127.0.0.1.:3000/session.xml I get ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): So I can't get into the controller to start working on the logic I need.

2

Hi,

For the sake of sharing with others in case it might help...

I had to add Content-Type: text/xml to the headers in the post request. Doing that stopped the token error.

Now I have started doing some changes so the mobile client can login with XML and receive a new client_auth_token. For that I have created a new remember token for the mobile case to the user model, so I can use the existing remember me functionality of restful_authentication as a base. The client uses that cookie for using the API. Some changes to the plugin are needed for this but I hope/think I'm in the right track.

Cheers.