Rails 3 protect_from_forgery problems

1

6

I have two applications that need to talk to each other over HTTP. One is a PHP app and the other is my main app, the Rails app. I need the PHP app to talk to the Rails app by POSTing data to it, but when I do, I receive the Invalid Authenticity Token error. Is there any way around this? Or how would I just create my own token to pass along with the POST so that my Rails app authenticates?

Ticino answered 10/9, 2010 at 14:17 Comment(0)
15

From the documentation for ActionController::RequestForgeryProtection::ClassMethods

You can skip the authentication token requirement either by specifying an :except or by forcing the before filter to be skipped. Example from the documentation:

class FooController < ApplicationController
    protect_from_forgery :except => :index

    # you can disable csrf protection on controller-by-controller basis:
    skip_before_filter :verify_authenticity_token
end
Coons answered 10/9, 2010 at 14:26 Comment(2)
Delineation: Would it not be better to fetch the authenticity token by a separate GET request and then use that to post the form using PHP? Is disabling the token not a security concern?
Chiropteran: I agree, you shouldn't disable protection for Index and POST. Anybody trying to do this should follow Alex's suggestion or at least use a different action and place some other kind of security like accepting requests coming only from a known IP, using request.remote_ip to discard unwanted IPs.
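The question's "own token" idea combined with the known-IP check from the comments, as an added example that is not part of the original answer or of the Rails documentation: the PHP sender signs the raw POST body with a shared secret and the Rails side verifies both the signature and the source address. The address, secret, `:receive` action and `X-Signature` header are assumptions chosen for illustration.

```ruby
require 'openssl'
require 'ipaddr'

# Assumed values for this sketch; none of them come from the page.
ALLOWED_SENDERS = [IPAddr.new('192.0.2.10/32')]       # constructed address of the PHP host
SHARED_SECRET   = 'replace-with-a-long-random-secret' # placeholder; load from config

# Hex HMAC-SHA256 of the raw POST body. The PHP side would compute the same
# value with hash_hmac('sha256', $body, $secret) and send it in a header.
def sign_body(body, secret = SHARED_SECRET)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), secret, body)
end

# Constant-time comparison, so the check does not reveal how many leading
# characters of a guessed signature were correct.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# True only when the caller's address falls inside an allowed network.
def allowed_ip?(remote_ip)
  ip = IPAddr.new(remote_ip)
  ALLOWED_SENDERS.any? { |net| net.include?(ip) }
rescue ArgumentError # malformed address strings raise a subclass of this
  false
end

# Both checks must pass before the request body is trusted.
def trusted_post?(remote_ip, body, signature)
  allowed_ip?(remote_ip) && secure_equal?(sign_body(body), signature)
end

# Wiring in a Rails 3 controller (hypothetical action and header names),
# so that CSRF verification is skipped for this one action only:
#   skip_before_filter :verify_authenticity_token, :only => :receive
#   before_filter :require_trusted_sender, :only => :receive
#   def require_trusted_sender
#     sig = request.headers['X-Signature'].to_s
#     head :forbidden unless trusted_post?(request.remote_ip, request.raw_post, sig)
#   end
```

Every other action keeps `protect_from_forgery`, so browser-facing forms are still covered by the authenticity token.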
