Rails Can't verify CSRF token authenticity

Question

I've succesfully created new record by using post method api like this (Using Curl::PostField)

curl_post_fields = [
    Curl::PostField.content('first_name', first_name),
    Curl::PostField.content('last_name', last_name),]

  contact = Curl::Easy.http_post("#{ENV['API_V1_URL']}/contacts", *curl_post_fields)
  contact.ssl_verify_peer = false
  contact.http_auth_types = :basic
  contact.username = ENV['API_V1_USERNAME']
  contact.password = ENV['API_V1_PASSWORD']
  contact.perform
  response = JSON.parse(contact.body_str)

but when i was updating record via patch like this one (using json request parameter):

contact = Curl.patch("#{ENV['API_V1_URL']}/contacts/#{qontak_id}",{:email => email, :gender_id => 8})
contact.ssl_verify_peer = false
contact.http_auth_types = :basic
contact.username = ENV['API_V1_USERNAME']
contact.password = ENV['API_V1_PASSWORD']
contact.perform
response = JSON.parse(contact.body_str)

i got some errors from server

Can't verify CSRF token authenticity

Filter chain halted as :authenticate rendered or redirected

also i have turn off csrf protect_from_forgery with: :null_session

it is possible that using Curl::PostField is automatically including csrf token or are there any similar way like Curl::Postfield in patch or put method ?

Answer 1

You might try explicitly skipping the token filter.

Within your API controller:

skip_before_filter :verify_authenticity_token, only: [:put] respond_to :json

Make sure to restart your server as well. Hope this helps!