I'm just building a simple web application in Ruby on Rails 3 RC, and I'm a little puzzled by the forgery protection. I plan to have a web interface as well as allow XML API calls from an iPhone application. I am currently testing this with a REST request generator, but am getting InvalidAuthenticityToken errors.
First, I thought that they only applied to queries that were not XML or JSON. Secondly, I am attaching a unique API user key to the XML request, so the forgery protection can be achieved in other ways (I know that it's not completely safe, but a decent start for development).
Does anyone have any pointers on preventing this protection for XML/JSON requests, or on somehow overriding the default token validation to validate through my own API token system before using the on-board system?
Cheers, Dave Finster