How to deal with_from_forgery protection so that Rails applications exchange data?

Question

How to deal with_from_forgery protection so that Rails applications exchange data?

I have a Rails application that will publish some data in another Rails application. For some reason, I don't want to use ActiveResource, so I used something like:

  res = Net::HTTP.post_form(URI.parse('http://localhost:3030/support_requests/new'),
                                    {'from'=>'somebody', 'due'=>'2009-03-31'})

It happens that another application throws an InvalidAuthenticityToken . This makes sense since I did not send any authentication token.

My question is: how can I make one application to send the correct authentication token to another?

+3

ruby-on-rails

Ricardo acras Nov 06 '08 at 17:13

source share

1 answer

jonnii · Accepted Answer · 2008-11-06T17:26:43+0000

You do not need to use ActiveResources. If you submit your request as xml, it bypasses_from_forgery protection.

curl -H "Content-Type: text/xml" -d "<support-request><from>...</from></support-request>" -X POST http://localhost:3000/support_requests.xml -i

It should be pretty simple.

How to deal with_from_forgery protection so that Rails applications exchange data?

More articles: