views:

119

answers:

2

I have a form on another website (using a different backend) that I want to be able to POST to my Rails application (on a different domain).

  • How do I generate a valid authenticity token for the external form so that my Rails app will accept it?
  • Assuming I can do the answer to the above question--is there anything else special I need to do to make this work? Apart from the authenticity token, the rest of it seems pretty straightforward to me...

Thanks for the help!

+1  A: 

You could just remove the check by adding a filter like:

skip_before_filter :verify_authenticity_token, :only => :action_name
JRL
Doesn't this open me up to anyone posting to my rails app? Isn't this a security concern?
neezer
You can add whatever other verification mechanism you want (ip address, whatever) in another filter, for example.
JRL
+3  A: 

You can't generate an autenticity token from outside your Rails app. What you can do, is to disable the token protection only for this action and use a custom implementation based on a before_filter.

skip_before_filter :verify_authenticity_token, :only => :my_action
before_filter :verify_custom_authenticity_token, :only => :my_action

def verify_custom_authenticity_token
  # checks whether the request comes from a trusted source
end
Simone Carletti
Nice. Thanks for the clarification!
neezer