Context: I'm playing with a Jquery Mobile app and a Rails backend server. I create users from the app, through a POST Ajax call. The back end is, by all purposes for the mobile app, just an API.
I've been all evening reading about this CSRF token authenticity issue, and cannot find how to kill it. I'm on Rails 4 and Devise 3.1 (with token_authenticatable module)
This is the log on console when I try to save a user through the app
Started POST "/users.json" for IP at 2013-09-28 00:05:17 +0200
Processing by RegistrationsController#create as JSON
Parameters: {"user"=>{"username"=>"seba", "email"=>"mail@gmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}}
Can't verify CSRF token authenticity
user:
(0.1ms) begin transaction
(0.1ms) rollback transaction
Completed 422 Unprocessable Entity in 9ms (Views: 0.3ms | ActiveRecord: 0.2ms)
I read on this site, that if I put the following line
skip_before_filter :verify_authenticity_token
in my custom Registration controller, the verification error would be gone. It does, but now there's a warning:
Started POST "/users.json" for IP at 2013-09-28 02:38:16 +0200
DEPRECATION WARNING: devise :token_authenticatable is deprecated. Please check Devise 3.1 release notes for more information on how to upgrade. (called from <class:User> at /home/seba/repos/elsapo/app/models/user.rb:4)
Processing by RegistrationsController#create as JSON
Parameters: {"user"=>{"username"=>"seba", "email"=>"mail@gmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}}
user:
(0.1ms) begin transaction
(0.2ms) rollback transaction
Completed 422 Unprocessable Entity in 65ms (Views: 0.4ms | ActiveRecord: 1.5ms)
The line user: is the logger.debug, to see if I'm storing something. In both cases, my app continues to show the same message after submitting the date: "email can't be blank" and then "password can't be blank"
Any pointers or suggestions? I anyone needs more information, I'll gladly deliver it.
