On Sunday, 20 May 2012 19:26:08 UTC-4, Anish wrote:
>
> I have an existing rails backend website which makes json ajax calls to my
> server and I was passing csrf tokens in every ajax call. Now,I am
> developing a mobile iOS app to use the same backend and send calls in json.
> However, mobile
that is straight forward: just copy the form_authenticity_token to a header
field and let your app send it back as header
https://github.com/mkristian/ixtlan-translations/blob/master/app/controllers/local_controller.rb
that is the controller I use as base for my controllers talking to
rest-clie
Hey Jim, don't be a jerk, especially when your answer is wrong.
Using <%= form_authenticity_token %> doesn't work because you don't have
a server to dynamically insert content into html as an app is static and
packaged on the client device (iPhone/iPad).
CSRF should not be a possible attack ins
> I have an existing rails backend website which makes json ajax calls to my
> server and I was passing csrf tokens in every ajax call. Now,I am
> developing a mobile iOS app to use the same backend and send calls in json.
> However, mobile requests are failing with "Can't verify CSRF token
> authe
4 matches
Mail list logo