Rails - Nov 2008 - InvalidAuthenticityToken when using XML, why?

Hi,

I''m making an app where messages can be posted only from mobile phones.
The clients that will connect to the app will NOT use a browser but the
client is developed using native language, say C++, Java, etc. Users
need to be registered to be able to post.

On the server I am using restful_authentication. Clients will use XML to
post stuff to the server.

It is simple to use HTTP Basic authentication to post messages. But I''d
like to have a real API to login once and then provide a token to the
client so the next requests are done just using the token, actually I
could even use the remember me token.

My problem is that when I try this a POST to
http://127.0.0.1.:3000/session.xml
I get ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
So I can''t get into the controller to start working on the logic I
need.

---------

I also confused since the rails docs
(http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html)
state that "Only HTML/JavaScript requests are checked, so this will not
protect your XML API"

I''m using XML here so why is the token being checked?

---------

Any hints appreciated.

Cheers.
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi,

For the sake of sharing with others in case it might help...

I had to add Content-Type: text/xml to the headers in the post request. 
Doing that stopped the token error.

Now I have started doing some changes so the mobile client can login 
with XML and receive a new client_auth_token. For that I have created a 
new remember token for the mobile case to the user model, so I can use 
the existing remember me functionality of restful_authentication as a 
base. The client uses that cookie for using the API. Some changes to the 
plugin are needed for this but I hope/think I''m in the right track.

Cheers.
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---