I am trying to write a REST web service
testing locally is fine but whane I deploy the server and try test it
via curl
curl -i -X POST -H ‘Content-Type:application/xml’ -d ‘’
http://mytesteddomain.tld/user/posts/createReference.xml
I get an error :
ERROR TYPE: ActionController::InvalidAuthenticityToken
ERROR MESSAGE: ActionController::InvalidAuthenticityToken
I don’t have any protection in my app as I put a filter to avoid the
login check
before_filter :login_required, :except => [ :createReference]
my Apache vhost.conf doesn’t block :
<Directory “/var/rails/mytesteddomainname/current/public”>
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
where should I start looking for ?
thansk for your help
curl -i -X POST -H ‘Content-Type:application/xml’ -d ‘’
http://mytesteddomain.tld/user/posts/createReference.xml
Shouldn’t that URL have a user number in it e.g. …/user/1/posts/…
without that it is probably redirecting to a secured page and hence the
error.
Kad K. escribió:
ERROR TYPE: ActionController::InvalidAuthenticityToken
ERROR MESSAGE: ActionController::InvalidAuthenticityToken
Maybe, you have in your controller (or application controller):
protect_from_forgery
That protect you from xss.
Error said: You aren’t sending “InvalidAuthenticityToken” then you have
two options:
- Bypass this check in this action. In you controller put:
protect_from_forgery :except =>
[:autocomplete_google_map_city]
- Send the parameter "InvalidAuthenticityToken". Create a hidden
tag(helper) with it:
def token_tag
unless protect_against_forgery?
‘’
else
tag(:input, :type => “hidden”, :name =>
request_forgery_protection_token.to_s, :value =>
form_authenticity_token)
end
end
Regards!
–
Rafael Garcia Ortega