REST token


cyril...@gmail.com

Apr 17, 2016, 5:10:13 PM
to Fat Free CRM Developers
Hi guys,
I have spent more than a couple of hours on getting an auth token over REST. I can get all I want with Basic Authentication with the GET method, that's OK, but when I want to post something to the server I am getting an InvalidAuthenticityToken error message. I thought that GET http://localhost:3000/authentication.json with basic auth would get me back JSON with that token, but it just returns the dashboard and no JSON that I would expect.

I will be thankful for any help.

Many thanks, Cyril.


Steve Kenworthy

Apr 20, 2016, 12:49:50 AM
to fat-free...@googlegroups.com
My understanding is that AuthenticityTokens are used mainly on HTML form POST requests and are generally disabled for API POSTs.

Here's an example from the Rails docs that mentions this exact case: http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html

More reading on CSRF attacks: http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf (you'll want to consider these if you turn off the token validation.)

Regards,
Steve
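
Added example, not part of the original thread and not Fat Free CRM or Rails code: a plain-Ruby model of the rule described in the reply above, where the token check is skipped only for JSON API calls that carry their own credentials and no session cookie, and stays enforced for anything a browser session could submit. The Request struct, the session store, the cookie name `_session_id` and the helper names are assumptions made for the illustration; `X-CSRF-Token` and `authenticity_token` are the names Rails uses for the token.

```ruby
require "securerandom"
require "digest"

# Plain-Ruby model of the decision (hypothetical names; not Rails internals).
Request = Struct.new(:verb, :content_type, :headers, :cookies, :params, keyword_init: true)

SAFE_VERBS = %w[GET HEAD OPTIONS].freeze
SESSIONS   = {} # constructed session store: session id => CSRF token

def start_session
  sid = SecureRandom.hex(16)
  SESSIONS[sid] = SecureRandom.base64(32)
  sid
end

# Compare fixed-length digests so timing does not depend on where strings differ.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# An API call here means: JSON body, credentials in the Authorization header,
# and no session cookie that a browser would attach automatically.
def api_request?(req)
  req.content_type == "application/json" &&
    req.headers.key?("Authorization") &&
    !req.cookies.key?("_session_id")
end

def csrf_decision(req)
  return :allow if SAFE_VERBS.include?(req.verb) # reads do not change state
  return :allow if api_request?(req)             # no ambient session to abuse
  expected = SESSIONS[req.cookies["_session_id"]]
  supplied = req.headers["X-CSRF-Token"] || req.params["authenticity_token"]
  secure_equal?(supplied, expected) ? :allow : :reject
end

def build(verb, type, headers: {}, cookies: {}, params: {})
  Request.new(verb: verb, content_type: type, headers: headers, cookies: cookies, params: params)
end

SID   = start_session
BASIC = { "Authorization" => "Basic dXNlcjpwYXNz" } # constructed credentials (user:pass)
FORM  = "application/x-www-form-urlencoded"

puts csrf_decision(build("POST", "application/json", headers: BASIC))      # API client
puts csrf_decision(build("POST", FORM, cookies: { "_session_id" => SID })) # form post, no token
```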
