server and I was passing csrf tokens in every ajax call. Now,I am
developing a mobile iOS app to use the same backend and send calls in json.
However, mobile requests are failing with "Can't verify CSRF token
authenticity", because i dont know of anyway to send the csrf token to
rails from app.
Looking around, many people are suggesting to disable CSRF protection if
the call is json call - but I dont want to do that because my website all
uses json calls and that leaves my site open for attacks.
My question is:
1) How can i let my iOS app know the rails generated csrf token to use it
in all app calls to server? Is it possible
2) Is there any other way that I can work around this problem?
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/CDfpubpXzYsJ.
To post to this group, send email to email@example.com.
To unsubscribe from this group, send email to firstname.lastname@example.org.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.