Dovydas Rupšys

Reputation: 75

Rails CSRF with JSON requests

Is there a way to make POST/PUT/PATCH/DELETE requests from an Android application to my Rails application, which responds with JSON files, and at the same time have CSRF active on my server?

So in other words, I want to have protection from forgery when making requests from my Android app, since it will have the ability to modify the webapp data.

Upvotes: 1

Views: 173

Answers (1)

Nick M

Reputation: 2532

I think an impractical solution would be to create a method that outputs a CSRF token, and load this prior to each post/put request.

I usually take a different approach on my APIs that handle sensitive data though - I bypass CSRF and I use SSL for everything, validate certificates, and always post a checksum (based on a static API key and a hash for the current user which I output at login time) of the request which I verify on the server side before processing.

Upvotes: 1
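
A server-side sketch of the request checksum described in the answer above, as an added example that is not the answerer's code. It assumes HMAC-SHA256 as the checksum and adds a timestamp window against replay, neither of which the answer specifies; all names and sample values are hypothetical.

```ruby
require "openssl"
require "digest"

# Constructed sample value; stands in for the static API key from the answer.
API_KEY  = "constructed-static-api-key"
MAX_SKEW = 300 # seconds a signed request stays valid (assumption)

# Hypothetical helper module; in Rails, verify would run in a before_action
# on API controllers that skip the cookie-based CSRF check.
module RequestSigning
  module_function

  # Per-user key: static API key combined with the secret issued at login.
  def signing_key(api_key, user_secret)
    OpenSSL::HMAC.digest("SHA256", api_key, user_secret)
  end

  # Everything an attacker could alter is bound into the signed string.
  def canonical(method, path, timestamp, body)
    [method.to_s.upcase, path, timestamp.to_s, Digest::SHA256.hexdigest(body)].join("\n")
  end

  def sign(key, method, path, timestamp, body)
    OpenSSL::HMAC.hexdigest("SHA256", key, canonical(method, path, timestamp, body))
  end

  # Comparison without early exit, so timing does not reveal matching prefixes.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns :ok, :stale or :bad_signature; the caller rejects anything but :ok.
  def verify(key, method, path, timestamp, body, signature, now: Time.now.to_i)
    return :stale unless (now - timestamp.to_i).abs <= MAX_SKEW
    expected = sign(key, method, path, timestamp, body)
    secure_equal?(expected, signature.to_s) ? :ok : :bad_signature
  end
end
```

A key shipped inside the Android app can be recovered from the APK, so in this sketch the per-user secret issued at login is what an outsider lacks.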
