> I have an existing rails backend website which makes json ajax calls to my > server and I was passing csrf tokens in every ajax call. Now,I am > developing a mobile iOS app to use the same backend and send calls in json. > However, mobile requests are failing with "Can't verify CSRF token > authenticity", because i dont know of anyway to send the csrf token to > rails from app.
This isn't so much a rails question as an iOS programming question. In addition, a little very simple googling shows everything you need to know to be able to do this (simple enough that it's obvious you didn't even try). Check out http://stackoverflow.com/questions/3047563/rails-3-authenticity-token to see how the token is sent to a browser. You can probably just use: <%= form_authenticity_token %> to set the value of the token in your initial response to the iOS app. A quick test shows that AJAX requests to the server include the token as a custom header in the request. To learn how to set a custom http header in your iOS app, see: http://stackoverflow.com/questions/1532206/changing-the-useragent-of-nsurlconnection Jim -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.