Urmm I think its from ActionView, essentially its just creates and matches authenticity tokens and time and response.
With api keys im not sure of any tutorials but when someone signs up you can create a ramdon key for them (md5 ruby class with do that you) and then you can authenticate each request with that key, to check if its valid and you can also check on usage limits and user agents (watch out for curl). Alex On 12 Dec 2009, at 00:37, doug livesey wrote: > Hm -- I have it called in ApplicationController, as is the Rails default. > That suggests that I could override it for the controller in question to > disable it. > I'm off to bed, now, but will give that a try & report back. > As to what you suggest (with the api keys) -- do you know, offhand, of any > examples or tuts for this? I've had a (quick, cuz it's late) look about, and > can't even see where the key for protect_from_forgery is coming from. > Cheers, > Doug. > > 2009/12/12 Alex Barlow <[email protected]> > Im not sure what you mean by controller names > >> protect_from_forgery > > is used inside each controller to control specific actions, if its a > webservice you creating and it need authentication etc, i suggest api keys, > thats hashed, so they have to send that with each request > > > On 12 Dec 2009, at 00:24, doug livesey wrote: > >> Unfortunately, the app is mainly (but not all) a web service, and as I use >> RESTful methods, I can't be selective with actions. >> Unless there's some way to specify controller names in the except option, as >> well? >> >> 2009/12/11 Alex Barlow <[email protected]> >> If you have one action that is only json it is safe to... >> >> protect_from_forgery :except => [:get_json] >> >> Alex >> >> On 11 Dec 2009, at 23:56, doug livesey wrote: >> >>> Hi -- does anyone know how to get the request_from_forgery method to ignore >>> JSON calls, like it does for XML? >>> Cheers, >>> Doug. >>> >>> -- >>> >>> You received this message because you are subscribed to the Google Groups >>> "NWRUG" group. >>> To post to this group, send email to [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]. >>> For more options, visit this group at >>> http://groups.google.com/group/nwrug-members?hl=en. >> >> >> -- >> >> You received this message because you are subscribed to the Google Groups >> "NWRUG" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/nwrug-members?hl=en. >> >> >> -- >> >> You received this message because you are subscribed to the Google Groups >> "NWRUG" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/nwrug-members?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > "NWRUG" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/nwrug-members?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > "NWRUG" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/nwrug-members?hl=en. -- You received this message because you are subscribed to the Google Groups "NWRUG" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nwrug-members?hl=en.
