Basic authentication on public endpoint


Marian G

Nov 26, 2019, 11:58:00 PM
to Ruby on Rails: Talk
Hello,

after following 2 tutorials on Rails and getting those nice looking apps up and running, I would like to roll my first app.

It has only one model. An http view will display all records from the database.
The data input is not via an http form, but comes as a POST call from another (external) app (json payload, in case it matters).

The “index” action on my XController (for listing the records) does not require authentication, but I would like to have basic authentication (hardcoded user+pass is fine) on the public endpoint (the “create” action).
I found http_basic_authenticate_with - but this seems to cover only the http session, so it didn’t help with the public endpoint (or I didn't manage to use it properly).

Any pointers about what I can use to secure the public endpoint?

Thank you,
Marian

Marian G

Nov 30, 2019, 3:39:42 PM
to Ruby on Rails: Talk
I solved my problem by disabling the CSRF check on the public endpoint (according to this https://stackoverflow.com/questions/5669322/turn-off-csrf-token-in-rails-3).
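
Added example, not part of the original post and not Rails code: a framework-free Rack-style app for the arrangement discussed in this thread, with a public listing and a JSON POST endpoint that checks HTTP Basic credentials from the `Authorization` header on every request instead of relying on a browser session. The names `API_USER`, `API_PASS`, `RECORDS`, `APP` and the `/records` path are assumptions made for the example.

```ruby
require "digest"
require "json"

# Constructed credentials; a real app would load them from the environment.
API_USER = "ingest"
API_PASS = "example-password"

# Compare two strings without leaking where they first differ: hash both to
# a fixed length, then XOR every byte.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
end

# Decode "Authorization: Basic <base64(user:pass)>"; nil if absent/malformed.
def basic_credentials(env)
  scheme, encoded = env["HTTP_AUTHORIZATION"].to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("basic") && encoded
  user, pass = encoded.unpack1("m").split(":", 2)
  pass ? [user, pass] : nil
end

def authorized?(env)
  user, pass = basic_credentials(env)
  return false unless user
  # Evaluate both comparisons so timing does not reveal which one failed.
  secure_equal?(user, API_USER) & secure_equal?(pass, API_PASS)
end

RECORDS = [] # stands in for the single model's table

# Rack-style app: GET /records is public, POST /records needs Basic auth.
APP = lambda do |env|
  case [env["REQUEST_METHOD"], env["PATH_INFO"]]
  when ["GET", "/records"]
    [200, { "content-type" => "application/json" }, [JSON.generate(RECORDS)]]
  when ["POST", "/records"]
    unless authorized?(env)
      return [401, { "www-authenticate" => 'Basic realm="records"' }, ["Unauthorized\n"]]
    end
    RECORDS << JSON.parse(env["rack.input"].read)
    [201, { "content-type" => "application/json" }, [JSON.generate(RECORDS.last)]]
  else
    [404, {}, ["Not found\n"]]
  end
rescue JSON::ParserError
  [400, {}, ["Invalid JSON\n"]]
end
```

Basic credentials are only base64-encoded, so an endpoint like this belongs behind TLS.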

Manuel Korfmann

Dec 16, 2019, 3:36:06 AM
to 'Marian G' via Ruby on Rails: Talk
Hey,

I’m also able to create an autoresponder

How awesome am I?


Wooooooowwwwwwww I got rid of jobs, give me millions of USD

On 30. Nov 2019, at 21:39, 'Marian G' via Ruby on Rails: Talk <rubyonra...@googlegroups.com> wrote:

> I solved my problem by disabling the CSRF check on the public endpoint (according to this https://stackoverflow.com/questions/5669322/turn-off-csrf-token-in-rails-3).

Manuel Korfmann

Dec 16, 2019, 3:44:51 AM
to 'Marian G' via Ruby on Rails: Talk
Hey,

I’m also able to create an autoresponder

How awesome am I?


Wooooooowwwwwwww I got rid of jobs, give me millions of USD
