Using curl
from the shell sending a GET to a Ruby on Rails app works like a charm. However, with PUT, POST, etc. there is the CSRF token to contend with. I can't seem to get the right syntax in the shell (or in PHP for that matter) for passing this data. I think it should be something like
curl -v -XPUT -i http://my-server:8080/some_command --data "somevalue=1" --data-urlencode X-CSRF-Token=$AUTH
but that doesn't work. (nor does authenticity_token=$AUTH
)
Note that AUTH is set to the session variable shown in the browser when a browser load of this page is done.
When I do this, I get a 302 redirect to the login page.
The log says,
WARNING: Can't verify CSRF token authenticity
Completed 401 Unauthorized in 0ms
and then it redirects me to the login page (302).