I am getting CSRF warning (resetting my session) in my rails apps whenever I post to my api_controller.rb.
My app is run on iframe in phonegap for windows phone 8 and in my application_controller, I have a p3p header to solve just this problem. But it doesn't seem to work in this case. Its like the p3p is not there...? Has anyone encountered this?
class ApplicationController < ActionController::Base
protect_from_forgery
before_filter :header_fix
protected
def header_fix
headers['P3P'] = 'CP="ALL DSP COR CURa ADMa DEVa OUR IND COM NAV"'
end
end
class Api::ApiController < ApplicationController
before_filter :login_required
skip_before_filter :detect_device
skip_before_filter :detect_browser
skip_before_filter :record_log
skip_before_filter :assign_packages
skip_before_filter :assign_daily_bonus
end
[2646 - 2013/04/05 13:04:23] (INFO) Started POST "/api/chests" for 60.50.19.249 at 2013-04-05 13:04:23 +0800
[2646 - 2013/04/05 13:04:23] (INFO) Processing by Api::ChestsController#create as */*
[2646 - 2013/04/05 13:04:23] (INFO) Parameters: {"force_new"=>"true"}
[2646 - 2013/04/05 13:04:23] (WARN) WARNING: Can't verify CSRF token authenticity
[2646 - 2013/04/05 13:04:23] (INFO) User agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows Phone 8.0; Trident/6.0; IEMobile/10.0; ARM; Touch; NOKIA; Lumia 920)
[2646 - 2013/04/05 13:04:23] (DEBUG) User Load (4.5ms) SELECT `users`.* FROM `users` WHERE `users`.`id` IS NULL LIMIT 1
[2646 - 2013/04/05 13:04:23] (DEBUG) KeyPackage Load (1.2ms) SELECT `packages`.* FROM `packages` WHERE `packages`.`type` IN ('KeyPackage') ORDER BY cost
[2646 - 2013/04/05 13:04:23] (DEBUG) CACHE (0.0ms) SELECT `users`.* FROM `users` WHERE `users`.`id` IS NULL LIMIT 1
[2646 - 2013/04/05 13:04:23] (DEBUG) CACHE (0.0ms) SELECT `users`.* FROM `users` WHERE `users`.`id` IS NULL LIMIT 1
[2646 - 2013/04/05 13:04:23] (WARN) Lost session [60.50.19.249] (/api/chests) - Mozilla/5.0 (compatible; MSIE 10.0; Windows Phone 8.0; Trident/6.0; IEMobile/10.0; ARM; Touch; NOKIA; Lumia 920)