I have a Rails app with a POST URL which creates some resources. I have a page with a form which takes in all the information and does an AJAX call to the POST URL without an authenticity token.
I am doing data["authenticity_token"] = ""; before doing the AJAX call.
The parameters logged on the server side are like below:
{"utf8"=>"✓", "authenticity_token"=>"", "company_customer"=>{"name"=>"Anand"}}
The resources are created without any error (I have protect_from_forgery with: :exception in my ApplicationController).
But when I tried to call the same POST URL from Postman, I get an InvalidAuthenticityToken error.
- Why am I getting the error?
- How does the Rails app verify the authenticity of the POST request in the first case?