How to obtain the authenticity token given the session and the devise secret key?

1
votes

How to obtain the authenticity token given the session and the secret key?

I'm using rails and devise. I want to logout from a webview on a iOS app, but I get this error:

Can't verify CSRF token authenticity

So I'm planning to obtain the token from the session cookie and using the secret key. It might not be a good idea to ship the app with the secret key on the code, but I'm just planning to do it for a prototype. (How should I do it without using the secret key?)

Better solution

If you have access to the session via the cookies, you probably have access to the meta tags of the html, so you can easily retrieve the authenticity_token with this jquery:

$('meta[name=csrf-token]').attr('content')
3
ruby-on-railssessionauthenticationdevise

3 Answers

1
votes

If you have access to the session via the cookies, you probably have access to the meta tags of the html, so you can easily retrieve the authenticity_token with this jquery:

$('meta[name=csrf-token]').attr('content')
0
votes

I have a couple of suggestions here.

First, if you're not using form_for or form_tag, I'd recommend using those. If you can't for some reason, it may be a better idea to just turn off CSRF protection for the controller/method by setting 

protect_from_forgery except :my_method_i_dont_want_protection_on

in your controller file. Not recommended though. Any reason you can't just use the form helpers that will include it for you?

0
votes

i think u r looking for this form_authenticity_token

See this