← Back to Upcase

InvalidAuthenticityToken on a post method called from mobile


(Charlieanna) #1

I have a method in my UsersController called login.

def login
    update_all_users_who_are_not_web_to_device_identifier_as_blank
    user = User.find_by_jabber_id(params[:jabber_id])
    user.update(device_identifier: params[:device_identifier])
    render nothing: true
  end

And when I call this method from my mobile, I get an error.

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

But why don’t I get errors on other actions when called from the mobile? Doing something like this

protect_from_forgery except: :login

made the error go away. I looked at this http://stackoverflow.com/questions/16258911/rails-4-authenticity-token

but didnt understand much what was going on. Or is it because login is a post request and thats why this method expects the form to pass an authenticity token?

I think this could be the only reason. But am I right in assuming this?