Ricardo Acras
Reputation: 36244
How to deal with protect_from_forgery to make Rails applications communicate?
I have a Rails app that will post some data to another Rails app. For some reasons I don't want to use ActiveResource, so I used something like:
res = Net::HTTP.post_form(URI.parse('http://localhost:3030/support_requests/new'),
{'from'=>'somebody', 'due'=>'2009-03-31'})
It happens that the other app throws a InvalidAuthenticityToken, It makes sense, since I didn't send any authenticity_token.
My question is, how can I make one app to send proper auth token to another?
Upvotes: 3
Views: 3875
Answers (1)
jonnii
Reputation: 28312
You don't have to use ActiveResources. If you send your request as xml then it'll bypass the protect_from_forgery.
curl -H "Content-Type: text/xml" -d "<support-request><from>...</from></support-request>" -X POST http://localhost:3000/support_requests.xml -i
It should be pretty straightforward.
Upvotes: 2
Related Questions
- protect_from_forgery in Rails 6?
- How to verify requests sent from one Rails app to another
- protect_from_forgery with: :exception rails 5
- 'protect_from_forgery' in Application controller in Rails
- Correct use of protect_from_forgery in Rails app serving Web and API
- How can i restrict protect_from_forgery with exception rails
- protect_from_forgery how to handle resulting exception
- Rails 3 protect_from_forgery problems
- Rails choking on the content of this request because of protect_from_forgery
- Rails: How to add an exception for an external server to request via post/put for activated protection from forgery?