Hmmm.... I am not sure. What I want is to use the create (post) from outside of Rails from a page from another web app (not Rails). The front end does the sign on and other stuff and we are like an add-on. Does that make sense? Perhaps that is pure heresy and I should provide a web service and have the "front end" page call that via Ajax?
Apologies if that sounds stupid... I am assuming Rails is pretty capable for implementing web services... except I thought I read I'd have to step up and do the forgery protection and such myself.

- John

On Dec 9, 9:10 am, "James Englert" <[EMAIL PROTECTED]> wrote:
> It's allowed. I think you may need to use something like the following:
>
> protect_from_forgery :only => [:create, ...]
>
> Hope that helps.
>
> On Mon, Dec 8, 2008 at 9:46 PM, Jferg <[EMAIL PROTECTED]> wrote:
>
> > I have recently been learning and trying to develop some application
> > parts using Rails. One issue I may have is that one of the potential
> > clients will want to have one of their external web pages POST to the
> > Rails controller.
>
> > I tried the naive approach - copy the HTML generated for the Rails
> > controller action for doing the same POST (Create of a domain
> > object). I had this working, or so I thought until I restarted the
> > server and the hidden field for the application authenticity_token had
> > a value which was no longer valid.
>
> > I have looked around for various workarounds.
>
> > Is there a Rails Way to have an HTML page which is served as
> > <app>/public/welcome.html be able to do an HTML POST to the Rails
> > controller?
>
> > Is this simply not allowed?
>
> > Thanks.
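
The failure described in the original question (a copied authenticity_token that stops being accepted), as an added example that is not part of the thread and not Rails' own code. It is a simplified model of a session-bound anti-forgery token; `ToySession`, `ForgeryCheck` and `copied_token_demo` are hypothetical names, and the sessions are constructed sample data.

```ruby
require "securerandom"

# Hypothetical stand-in for a server-side session store (assumption).
class ToySession
  attr_reader :data

  def initialize
    @data = {}
  end
end

# Simplified model of a session-bound anti-forgery token check.
module ForgeryCheck
  # Issue (or reuse) the token for this session. This is the value a
  # server would render into the hidden form field.
  def self.token_for(session)
    session.data[:csrf_token] ||= SecureRandom.base64(32)
  end

  # Compare without exiting early on the first differing byte.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Accept a POST only when the submitted token matches this session's token.
  def self.valid?(session, submitted)
    expected = session.data[:csrf_token]
    return false if expected.nil? || submitted.nil?
    secure_compare(expected, submitted)
  end
end

# Constructed scenario: a token is copied out of generated HTML into a
# static page, then submitted later under a different session.
def copied_token_demo
  first  = ToySession.new
  copied = ForgeryCheck.token_for(first)  # value pasted into the static page
  later  = ToySession.new                 # any later session
  ForgeryCheck.token_for(later)           # that session gets its own token
  {
    same_session: ForgeryCheck.valid?(first, copied),
    new_session:  ForgeryCheck.valid?(later, copied),
    no_token:     ForgeryCheck.valid?(later, nil)
  }
end

p copied_token_demo if __FILE__ == $PROGRAM_NAME
```

The copied value is accepted only while the session it was issued for is still the one presenting it, which is why a token hard-coded into a static page cannot be relied on.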