Getting an ActionController::InvalidAuthenticityToken for my XML

Question

I am working with a third-party API. That server is supposed to POST back to my URL.

My URL is:

http://www.mydomain.com/teleku/playvoice.xml

The controller has some logic, but basically contains a respond_to do block and the corresponding view is a very basic xml builder.

However, I get the following error in the logs:

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): haml (2.2.17) [v] lib/sass/plugin/rails.rb:19:in process_without_compass' compass (0.8.17) [v] lib/compass/app_integration/rails/action_controller.rb:7:in process'

Answer 1

OK. This is what i could figure out:

Example explanation:

http://www.teleku.com/examples#highlowruby

From the example gist thats provided by teleku:

http://gist.github.com/raw/317657/38cd329895c79bd49e91304a6fe7cb1f88e02065/HighLow%20Ruby%20Sinatra%20Teleku%20PhoneML%20Voice%20Applications

It looks like there is no auth token required. So you can use curl to test,

curl --data-urlencode "callerinput=lower" http://highlow.heroku.com/guess/10 where my guess is 10 and i am betting lower than the randomly selected number by the dealer. It works. But if you want to make it work in your application you should encode the authenticity token into the url too. For Example, if the same app had protect_from_forgery enabled, then it would be:

curl --data-urlencode "callerinput=lower&authenticity_token=blahblahblah" http://highlow.heroku.com/guess/10"

Answer 2

To disable this check add this to your controller:

protect_from_forgery :except => [:your_method_name]