I need to make an HTTP request POSTfrom outside the browser, but the back-end Rails does not accept authentication (error 401). I know that I need to transfer the CSRF token in such cases, but it does not work.
When I make a request through a form in a browser, it works as expected, but when I try to simulate an identical request (in terms of headers and cookies) from outside the browser (for example, using curl), authentication does not work.
Two small changes allowed me to succeed without a browser: (1) disable protect_from_forgery, which checks CSRF or (2), using GETinstead POSTfor request. In both cases, just skip the cookie. This means that the problem is definitely related to CSRF materials.
So my question is: how can I make a CSRF-protected HTTP POSTRails server without using a browser?
To clarify, the process is divided into three stages:
Input : returns a cookie to identify the session;
New : a GETrequest that returns a CSRF token that will be used later (uses a cookie);
Create : a POSTrequest that sends the information I want to create (uses both a session cookie and a CSRF token).
, , - .