1

Is there a way to make POST/PUT/PATCH/DELETE requests from an Android application to my Rails application, which responds with JSON files, and at the same time have CSRF protection active on my server?

So in other words, I want to have protection from forgery when making requests from my Android app, since it will have the ability to modify the web app's data.

1 Answer

1

I think an impractical solution would be to create a method that outputs a CSRF token, and load this prior to each post/put request.

I usually take a different approach on my APIs that handle sensitive data though - I bypass CSRF and I use SSL for everything, validate certificates, and always post a checksum (based on a static API key and a hash for the current user which I output at login time) of the request which I verify on the server side before processing.
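One way to implement the per-request checksum this answer describes, as an added example that is not the answerer's code. It assumes HMAC-SHA256 as the checksum, a timestamp with a five-minute window to limit replay, and hypothetical names throughout (`RequestChecksum`, the canonical string layout).

```ruby
require "openssl"
require "digest"

# Added example; module, method and field names are hypothetical.
module RequestChecksum
  MAX_SKEW = 300 # seconds a signed request stays valid (assumed replay window)

  # Signing key: the per-user token issued at login, keyed with the static API key.
  def self.signing_key(api_key, user_token)
    OpenSSL::HMAC.digest("SHA256", api_key, user_token)
  end

  # Canonical string binds method, path, timestamp and a digest of the body,
  # so a checksum cannot be reused for a different action or payload.
  def self.canonical(method, path, timestamp, body)
    [method.upcase, path, timestamp.to_s, Digest::SHA256.hexdigest(body)].join("\n")
  end

  # What the client computes and sends alongside the request (e.g. in a header).
  def self.sign(api_key, user_token, method, path, timestamp, body)
    OpenSSL::HMAC.hexdigest("SHA256", signing_key(api_key, user_token),
                            canonical(method, path, timestamp, body))
  end

  # Constant-time comparison so timing does not reveal how many characters matched.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Server-side check, run before the request is allowed to modify anything.
  def self.valid?(api_key, user_token, method, path, timestamp, body, checksum, now: Time.now.to_i)
    return false unless checksum.is_a?(String) && timestamp.to_s.match?(/\A\d+\z/)
    return false if (now - timestamp.to_i).abs > MAX_SKEW
    secure_equal?(sign(api_key, user_token, method, path, timestamp, body), checksum)
  end
end

if __FILE__ == $0
  # Constructed sample values, not real credentials.
  key, token, ts = "constructed-static-api-key", "constructed-user-token", Time.now.to_i
  body = '{"title":"updated"}'
  sig = RequestChecksum.sign(key, token, "PATCH", "/posts/1", ts, body)
  puts RequestChecksum.valid?(key, token, "PATCH", "/posts/1", ts, body, sig)
  puts RequestChecksum.valid?(key, token, "DELETE", "/posts/1", ts, body, sig)
end
```

A key shipped inside an Android app can be recovered from the APK, so the per-user token issued at login is what keeps the checksum unforgeable. The channel still needs TLS with certificate validation, as the answer says.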
