We plan interaction between php script with ruby ββon rails server and vice versa.
Whenever I make post data freeze with php script, on rails server notification displays is "Can't verify CSRF token authenticity" .
I pass authenticity_token in the message parameters. We need how to safely use this token on the rails server.
<?php class active_merchant{ private $endpoint_url; // server address or url where data is to be posted. private $params; // form fields private $fields_count; // count of fields in credit card public function __construct(){ $this->endpoint_url = "http://localhost:8080/activemerchant/index"; $token = md5('random'); $this->params = array('name'=>'test','authenticity_token'=>$token); } /* function curl_post makes a curl post to the end point url global variables */ public function curl_post(){ try{ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->endpoint_url); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($this->params)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json')); $response = curl_exec($ch); print_r($response); //return $response; }catch(Exception $e){ throw new Exception($e->getMessage(),$e->getCode(),$e->gtLine()); } } } $active_merchant = new active_merchant(); $active_merchant->curl_post(); ?>
Rails Code -
class ActivemerchantController < ApplicationController protect_from_forgery except: :index def index Rails.logger.debug params.inspect puts params.inspect self.response_body = "Hello, world!" end end
Can someone tell us how we can keep our token authenticity random, consistent and secure between two servers (php and ruby ββon rails).
ruby php ruby-on-rails curl ruby-on-rails-3
Sashant pardeshi
source share