Passing data to a ruby on rails app from curl from the shell

Question

Using curl from the shell sending a GET to a Ruby on Rails app works like a charm. However, with PUT, POST, etc. there is the CSRF token to contend with. I can't seem to get the right syntax in the shell (or in PHP for that matter) for passing this data. I think it should be something like

curl -v -XPUT -i http://my-server:8080/some_command --data "somevalue=1" --data-urlencode X-CSRF-Token=$AUTH

but that doesn't work. (nor does authenticity_token=$AUTH)

Note that AUTH is set to the session variable shown in the browser when a browser load of this page is done.

When I do this, I get a 302 redirect to the login page.

The log says,

WARNING: Can't verify CSRF token authenticity 
Completed 401 Unauthorized in 0ms

and then it redirects me to the login page (302).

If you get redirect to login page I think the problem is not with CSRF. What does the log say? — Mike Szyndel, Jul 06 '13 at 18:40
In my Rails app in generated forms I have `` so if adding `authenticity_token=TOKEN` to data doesn't work for you that means you have wrong token — Mike Szyndel, Jul 06 '13 at 19:20
Refer to this answer http://stackoverflow.com/questions/941594/understand-rails-authenticity-token that should light things up — Mike Szyndel, Jul 06 '13 at 19:22

score 0 · Answer 1 · answered Jul 07 '13 at 22:44

you can set your controller actions to skip authenticity_token checks (you may or may not want to do this?)

# skip CSRF checking for json requests
skip_before_filter :verify_authenticity_token, 
  :if => Proc.new { |c| c.request.format == 'application/json' }

Passing data to a ruby on rails app from curl from the shell

1 Answers1