How can I allow a specific server/url to send for example a post request if I have activated
protect_from_forgery in a Ruby on Rails application? Usually it is a desired behaviour that a Rails application blocks requests from other servers and so I also want to keep this functionality and I do not want to switch
protect_from_forgery off. But I want to send a post request from an external application to my Rails application and so I would like to allow this specific application to send post requests. So I would need to either create an authenticity token that my application accepts in the remote application or I would need to add an exception for that specific remote server/url. Is that possible and if yes - how?
Rails has_many with alias name
and then have some other verification (HMAC, whatever) that you check in your application..
skip_before_filter :verify_authenticity_token, :only => :action_name
Ruby on Rails modules, code sharing, and community
Rails routing and URI fragment identifier