Re: REST web service

Erwin,

The authenticity token requirement is being introduced by
the call to
#protect_from_forgery and is completely independent of your
filter.
It's purpose is to (help) guarantee that the postback came
from a
valid webpage, etc. If you are going to control both ends of
your
webservice, you can probably make use of the :secret and
:digest
options for #protect_from_forgery to create an expected
authenticity_token that can be passed between your
webservice and it's
client.


HTH,
AndyV

On Jan 16, 5:54 pm, Erwin <yves_duf...mac.com> wrote:
> I am trying to set up REST web service w Rails 2.0.2,
>
> I don't have any problem with the GET
>
> url = "http://#/posts/online.xml"
;
> result = Net::HTTP.get(URI(url))
> I get the expected result
>
> but when I try to use a POST,
> url = URI.parse("http://#//user/posts/createRef
erence.xml")
> ..  post_args1,...post_args2....
> resp, data = Net::HTTP.post_form(url, {post_args1,
post_args2} )
>
> I get a 401 Unauthorized error
> (ERROR TYPE:
ActionController::InvalidAuthenticityToken)
>
> In my server PostsController, I have a filter , but I
wrote :
> class PostsController < ApplicationController
>  before_filter :login_required,  :except =>
> [ :online,  :createReference]
> so the login is not required for both actions online
and
> createReference
>
> in my routes  I have :
> map.resources :posts,  :collection => {:online =>
:get}
> and
>   map.resource :user, :controller =>
"users"  do |user|
>     user.resources :posts, :collection =>
{:createReference => :post }
> end
>
> I know that AuthenticityToken is quite new with 2.0 and
forms
> I am using
>
> class ApplicationController <
ActionController::Base
>   include AuthenticationSystem,
>     protect_from_forgery
>
> where should I start to investigate ?
>
> thanks for your help
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Ruby on Rails" group.
To post to this group, send email to rubyonrailsgooglegroups.com
To unsubscribe from this group, send email to
rubyonrails-unsubscribegooglegroups.com
For more options, visit this group at http://gro
ups.google.com/group/rubyonrails
-~----------~----~----~----~------~----~------~--~---

Thanks got it on ,  very very useful indeed !!

On 21 jan, 18:27, AndyV <a...cornell.edu> wrote:
> Erwin,
>
> The authenticity token requirement is being introduced
by the call to
> #protect_from_forgery and is completely independent of
your filter.
> It's purpose is to (help) guarantee that the postback
came from a
> valid webpage, etc. If you are going to control both
ends of your
> webservice, you can probably make use of the :secret
and :digest
> options for #protect_from_forgery to create an
expected
> authenticity_token that can be passed between your
webservice and it's
> client.
>
> HTH,
> AndyV
>
> On Jan 16, 5:54 pm, Erwin <yves_duf...mac.com> wrote:
>
> > I am trying to set up REST web service w Rails
2.0.2,
>
> > I don't have any problem with the GET
>
> > url = "http://#/posts/online.xml"
;
> > result = Net::HTTP.get(URI(url))
> > I get the expected result
>
> > but when I try to use a POST,
> > url = URI.parse("http://#//user/posts/createRef
erence.xml")
> > ..  post_args1,...post_args2....
> > resp, data = Net::HTTP.post_form(url, {post_args1,
post_args2} )
>
> > I get a 401 Unauthorized error
> > (ERROR TYPE:
ActionController::InvalidAuthenticityToken)
>
> > In my server PostsController, I have a filter ,
but I wrote :
> > class PostsController < ApplicationController
> >  before_filter :login_required,  :except =>
> > [ :online,  :createReference]
> > so the login is not required for both actions
online and
> > createReference
>
> > in my routes  I have :
> > map.resources :posts,  :collection => {:online
=> :get}
> > and
> >   map.resource :user, :controller =>
"users"  do |user|
> >     user.resources :posts, :collection =>
{:createReference => :post }
> > end
>
> > I know that AuthenticityToken is quite new with
2.0 and forms
> > I am using
>
> > class ApplicationController <
ActionController::Base
> >   include AuthenticationSystem,
> >     protect_from_forgery
>
> > where should I start to investigate ?
>
> > thanks for your help
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Ruby on Rails" group.
To post to this group, send email to rubyonrailsgooglegroups.com
To unsubscribe from this group, send email to
rubyonrails-unsubscribegooglegroups.com
For more options, visit this group at http://gro
ups.google.com/group/rubyonrails
-~----------~----~----~----~------~----~------~--~---