Hi all, This is almost certainly a noob question, but I''ve hit a wall developing my rails3 app. I am looking to integrate various sections with a legacy system based on PHP. I had envisaged this being fairly straight forward, using curl to send POST requests for example. The issue / dilema I have is that all requests are met with an InvalidAuthenticityToken error. I don''t want to lose this security feature, but am not sure how to proceed in terms of providing a secure API for the integration. Is it possible to send a set token along with all requests, or am I missing something here? Any pointers would be much appreciated! Cheers, Paul Taylor -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Which direction are you curling in? From PHP to Rails, or vice-versa? Walter On Sep 27, 2010, at 8:30 AM, paulo wrote:> Hi all, > > This is almost certainly a noob question, but I''ve hit a wall > developing my rails3 app. > > I am looking to integrate various sections with a legacy system based > on PHP. I had envisaged this being fairly straight forward, using curl > to send POST requests for example. The issue / dilema I have is that > all requests are met with an InvalidAuthenticityToken error. I don''t > want to lose this security feature, but am not sure how to proceed in > terms of providing a secure API for the integration. > > Is it possible to send a set token along with all requests, or am I > missing something here? > > Any pointers would be much appreciated! > > > Cheers, > > Paul Taylor > > -- > You received this message because you are subscribed to the Google > Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails- > talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > . > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en > . >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
From PHP to rails currently, I will need to work in both directions however going forward but could possibly just use MySQL queries from Rails to the PHP app if required Thanks, Paul On Sep 27, 2:24 pm, Walter Lee Davis <wa...-HQgmohHLjDZWk0Htik3J/w@public.gmane.org> wrote:> Which direction are you curling in? From PHP to Rails, or vice-versa? > > Walter > > On Sep 27, 2010, at 8:30 AM, paulo wrote: > > > > > Hi all, > > > This is almost certainly a noob question, but I''ve hit a wall > > developing my rails3 app. > > > I am looking to integrate various sections with a legacy system based > > on PHP. I had envisaged this being fairly straight forward, using curl > > to send POST requests for example. The issue / dilema I have is that > > all requests are met with an InvalidAuthenticityToken error. I don''t > > want to lose this security feature, but am not sure how to proceed in > > terms of providing a secure API for the integration. > > > Is it possible to send a set token along with all requests, or am I > > missing something here? > > > Any pointers would be much appreciated! > > > Cheers, > > > Paul Taylor > > > -- > > You received this message because you are subscribed to the Google > > Groups "Ruby on Rails: Talk" group. > > To post to this group, send email to rubyonrails- > > talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > > . > > For more options, visit this group athttp://groups.google.com/group/rubyonrails-talk?hl=en > > .-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
paulo wrote:> Hi all, > > This is almost certainly a noob question, but I''ve hit a wall > developing my rails3 app. > > I am looking to integrate various sections with a legacy system based > on PHP. I had envisaged this being fairly straight forward, using curl > to send POST requests for example. The issue / dilema I have is that > all requests are met with an InvalidAuthenticityToken error. I don''t > want to lose this security feature, but am not sure how to proceed in > terms of providing a secure API for the integration.For API calls, you probably don''t want the authenticity token. That''s only for Rails-generated forms, as a measure of protection against spoofed requests. It''s meaningless for APIs. If you want a secure API, you''ll better off using OAuth or HTTP-Basic authentication, not the Rails authenticity token. A quick Google search turned up http://www.patricktulskie.com/2010/04/skip-rails-authenticitytoken-check-sometimes/ for turning off the token check sometimes.> > Is it possible to send a set token along with all requests,I don''t believe so.> or am I > missing something here? > > Any pointers would be much appreciated! > > > Cheers, > > Paul TaylorBest, -- Marnen Laibow-Koser http://www.marnen.org marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Right, will start looking in that direction then, thanks for that Marnen Paul On 27 Sep, 15:45, Marnen Laibow-Koser <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> paulo wrote: > > Hi all, > > > This is almost certainly a noob question, but I''ve hit a wall > > developing my rails3 app. > > > I am looking to integrate various sections with a legacy system based > > on PHP. I had envisaged this being fairly straight forward, using curl > > to send POST requests for example. The issue / dilema I have is that > > all requests are met with an InvalidAuthenticityToken error. I don''t > > want to lose this security feature, but am not sure how to proceed in > > terms of providing a secure API for the integration. > > For API calls, you probably don''t want the authenticity token. That''s > only for Rails-generated forms, as a measure of protection against > spoofed requests. It''s meaningless for APIs. If you want a secure API, > you''ll better off using OAuth or HTTP-Basic authentication, not the > Rails authenticity token. > > A quick Google search turned uphttp://www.patricktulskie.com/2010/04/skip-rails-authenticitytoken-ch... > for turning off the token check sometimes. > > > > > Is it possible to send a set token along with all requests, > > I don''t believe so. > > > or am I > > missing something here? > > > Any pointers would be much appreciated! > > > Cheers, > > > Paul Taylor > > Best, > -- > Marnen Laibow-Koserhttp://www.marnen.org > mar...-sbuyVjPbboAdnm+yROfE0A@public.gmane.org > -- > Posted viahttp://www.ruby-forum.com/.-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.