Re: [Rails] CSRF tokens for mobile apps

Anish,

Check out this post

http://stackoverflow.com/questions/5669322/turn-off-csrf-token-in-rails-3

see u

2012/5/20 Anish <a4anishm@gmail.com>:
> I have an existing rails backend website which makes json ajax calls to my
> server and I was passing csrf tokens in every ajax call. Now,I am developing
> a mobile iOS app to use the same backend and send calls in json. However,
> mobile requests are failing with "Can't verify CSRF token authenticity",
> because i dont know of anyway to send the csrf token to rails from app.
>
> Looking around, many people are suggesting to disable CSRF protection if the
> call is json call - but I dont want to do that because my website all uses
> json calls and that leaves my site open for attacks.
>
> My question is:
>
> 1) How can i let my iOS app know the rails generated csrf token to use it in
> all app calls to server? Is it possible
>
> 2) Is there any other way that I can work around this problem?
>
>
> Thanks,
> Anish
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/rubyonrails-talk/-/CDfpubpXzYsJ.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To unsubscribe from this group, send email to
> rubyonrails-talk+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.