
I have a Rails application with articles and users. I want a user to be able to log in from a client application with a JSON object and also get all the articles as a JSON object.

But I have some problems. Console output:

Started POST "/articles" for 127.0.0.1 at 2012-03-30 17:29:25 +0200
Processing by ArticlesController#create as JSON
  Parameters: {"id"=>1, "article"=>{"id"=>1}}
WARNING: Can't verify CSRF token authenticity
Completed 401 Unauthorized in 1ms

And here is the controller:

class ArticlesController < ApplicationController
  before_filter :authenticate_user!, :except => [:show, :index]

  # GET /articles
  # GET /articles.json
  def index
    @articles = Article.all

    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @articles }
    end
  end

  # GET /articles/1
  # GET /articles/1.json
  def show
    @article = Article.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @article }
    end
  end

  # GET /articles/new
  # GET /articles/new.json
  def new
    @article = Article.new

    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @article }
    end
  end

  # GET /articles/1/edit
  def edit
    @article = Article.find(params[:id])
  end

  # POST /articles
  # POST /articles.json
  def create
    @article = Article.new(params[:article])

    respond_to do |format|
      if @article.save
        format.html { redirect_to @article, notice: 'Article was successfully created.' }
        format.json { render json: @article, status: :created, location: @article }
      else
        format.html { render action: "new" }
        format.json { render json: @article.errors, status: :unprocessable_entity }
      end
    end
  end

  # PUT /articles/1
  # PUT /articles/1.json
  def update
    @article = Article.find(params[:id])

    respond_to do |format|
      if @article.update_attributes(params[:article])
        format.html { redirect_to @article, notice: 'Article was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @article.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /articles/1
  # DELETE /articles/1.json
  def destroy
    @article = Article.find(params[:id])
    @article.destroy

    respond_to do |format|
      format.html { redirect_to articles_url }
      format.json { head :no_content }
    end
  end
end

And the model:

class Article < ActiveRecord::Base

end

The JSON that I send looks like this:

{
  "id" : 1
}

Routes

                   articles GET        /articles(.:format)                       articles#index
                        POST       /articles(.:format)                       articles#create
            new_article GET        /articles/new(.:format)                   articles#new
           edit_article GET        /articles/:id/edit(.:format)              articles#edit
                article GET        /articles/:id(.:format)                   articles#show
                        PUT        /articles/:id(.:format)                   articles#update
                        DELETE     /articles/:id(.:format)                   articles#destroy
                   root            /                                         articles#index

Now my question: is my JSON object wrong, or am I missing something, like the CSRF token?

1 Answer

You need to make sure the CSRF token is submitted with each JSON HTTP request. This is how I do it:

// Send the token that csrf_meta_tags renders into <meta name="csrf-token">
// as the X-CSRF-Token header on every jQuery AJAX request.
$.ajaxSetup({
  beforeSend: function(xhr) {
    xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'));
  }
});
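Why the console output shows only a CSRF warning followed by a 401, as an added Ruby model (this is example code written for this page, not the questioner's application or the Rails source): protect_from_forgery runs before authenticate_user!. In Rails 3.x the default handle_unverified_request does not raise; it logs the warning and calls reset_session, so Devise's authenticate_user! then finds no signed-in user and answers 401 Unauthorized. The example mirrors, in simplified form, how Rails 3.2 verifies a non-GET request (authenticity_token param or X-CSRF-Token header compared against the session token) and shows that only the request carrying the correct header reaches the create action. The helper names handle_create and secure_compare, and the sample session and token values, are constructed for the example.

```ruby
require 'securerandom'

# Constant-time comparison so a token check does not leak how many leading
# bytes matched (the same idea as Rails' secure_compare helper).
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Simplified model of Rails 3.2's verified_request? (not the Rails source):
# GET and HEAD need no token; any other method must carry it either as the
# authenticity_token param (HTML forms) or the X-CSRF-Token header (XHR/JSON
# clients), and it must match the token stored in the session.
def verified_request?(method, session, params, headers)
  return true if %w[GET HEAD].include?(method)
  token = params['authenticity_token'] || headers['X-CSRF-Token']
  return false if token.nil?
  secure_compare(token.to_s, session[:_csrf_token].to_s)
end

# Hypothetical helper (not a Rails API) modelling the filter chain behind the
# console output in the question. protect_from_forgery runs first; in Rails 3.x
# its default handle_unverified_request only logs the warning and calls
# reset_session. Devise's authenticate_user! then finds no user in the now-empty
# session and returns 401. Returns the HTTP status the client would receive.
def handle_create(method, session, params, headers)
  unless verified_request?(method, session, params, headers)
    warn "WARNING: Can't verify CSRF token authenticity"
    session = {}                       # reset_session: login state is gone
  end
  return 401 unless session[:user_id]  # authenticate_user! fails
  201                                  # create action ran and saved the record
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample session: a logged-in user plus the token that the
  # csrf_meta_tags helper would also render into the page's <meta> tag.
  token   = SecureRandom.base64(32)
  session = { _csrf_token: token, user_id: 1 }
  body    = { 'article' => { 'id' => 1 } }

  puts handle_create('POST', session, body, {})                          # 401
  puts handle_create('POST', session, body, { 'X-CSRF-Token' => 'bad' })  # 401
  puts handle_create('POST', session, body, { 'X-CSRF-Token' => token })  # 201
end
```

The first call reproduces the question: a JSON POST with no token is logged as unverifiable, the session is reset, and the 401 comes from the authentication filter rather than from the CSRF check itself. Sending the header, as the answer does, is what lets the request through.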
