Rails 3 protect_from_forgery problems

php ruby-on-rails protect-from-forgery
dennismonsewicz picture dennismonsewicz · Sep 10, 2010 · Viewed 7.1k times · Source

I have two applications that need to talk to each other over HTTP. One is a PHP app and the other is my main app, the Rails app. I am needing the PHP app to talk to the Rails app by POSTing data to it, but when I do, I receive the Invalid Authenticity Token error. Is there anyway around this? Or how would I just create my own token to pass along the POST so that my Rails app authenticates?

Answer

Rob Di Marco picture Rob Di Marco · Sep 10, 2010

From the documentation for ActionController::RequestForgeryProtection::ClassMethods

You can skip the authentication token requirement either by specifying and :except or by forcing the before filter to be skipped....Example from the documentation... 

class FooController < ApplicationController
    protect_from_forgery :except => :index

    # you can disable csrf protection on controller-by-controller basis:
    skip_before_filter :verify_authenticity_token
end

Related questions

fetch patch request is not allowed

I have two apps one is a react front end and the second one is the rails-api app. I have been happily using isomorphic-fetch till I needed to send PATCH method to the server. I am getting: Fetch API cannot …

Read More
Ruby on Rails Integration With Wordpress

I have a client who has requested for me to build them a website with a very user friendly way to update content. They have expressed familiarity with wordpress, and expressed interest in being able to use the wordpress front-end …

Read More
How to catch the HTTP POST request sent by a Shopify Webhook

I'm somewhat of a noob, and not afraid to admit that, I'm working on this project as a learning experience to get better with php and serverside script/ing handling. I'm trying to come up with a way to use …

Read More