How can I allow a specific server/URL to send, for example, a POST request if I have activated protect_from_forgery in a Ruby on Rails application? Usually it is desired behaviour that a Rails application blocks requests from other servers, so I want to keep this functionality and I do not want to switch protect_from_forgery off. But I want to send a POST request from an external application to my Rails application, so I would like to allow this specific application to send POST requests. So I would need to either create an authenticity token in the remote application that my application accepts, or add an exception for that specific remote server/URL. Is that possible, and if so, how?

+2  A: 
skip_before_filter :verify_authenticity_token, :only => :action_name

and then have some other verification (HMAC, whatever) that you check in your application.

Ben Hughes
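One way to implement the "other verification" the answer mentions, added here as an example that is not part of the original answer: the remote application signs a timestamp plus the raw POST body with a shared secret, and the Rails action checks that signature once the CSRF check is skipped. The module name, the header names in the comments, the secret, and the 300-second window are all assumptions.

```ruby
require "openssl"

# Hypothetical helper (not Rails API): authenticates a POST from the one
# external application that holds the shared secret.
module RemoteRequestAuth
  MAX_SKEW = 300 # seconds a signed request stays acceptable (assumed policy)

  # The HMAC covers timestamp and raw body, so neither can be changed
  # without the secret, and a captured request expires after MAX_SKEW.
  def self.sign(secret, timestamp, body)
    OpenSSL::HMAC.hexdigest("SHA256", secret, "#{timestamp}.#{body}")
  end

  # Compare without stopping at the first differing byte, so response
  # timing does not reveal how much of a guessed signature was correct.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  def self.valid?(secret, timestamp, body, signature, now: Time.now.to_i)
    return false if timestamp.nil? || signature.nil?
    return false unless timestamp.to_s.match?(/\A\d+\z/)
    return false if (now - timestamp.to_i).abs > MAX_SKEW
    secure_compare(sign(secret, timestamp, body), signature.to_s)
  end
end

# Controller wiring as a sketch (header names are hypothetical):
#   skip_before_filter :verify_authenticity_token, :only => :action_name
#   before_filter :only => :action_name do
#     ok = RemoteRequestAuth.valid?(secret,
#                                   request.headers["X-Timestamp"],
#                                   request.raw_post,
#                                   request.headers["X-Signature"])
#     head :unauthorized unless ok
#   end

# Constructed sample values, standing in for what the remote side sends.
SECRET = "constructed-demo-secret"
BODY   = '{"order_id":42}'
TS     = 1_700_000_000
SIG    = RemoteRequestAuth.sign(SECRET, TS, BODY)
```

The signature has to be computed over the raw request body as received, not over parsed parameters, because re-serializing the parameters can change the bytes.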