We are planning interaction between php script to ruby on rails server and vice-versa.
Whenever I do curl post data from php script, on rails server notifcation displays - "Can't verify CSRF token authenticity". I am passing authenticity_token in post parameters. We need to how to use this token in secure manner on rails server.
<?php
class active_merchant{
private $endpoint_url; // server address or url where data is to be posted.
private $params; // form fields
private $fields_count; // count of fields in credit card
public function __construct(){
$this->endpoint_url = "http://localhost:8080/activemerchant/index";
$token = md5('random');
$this->params = array('name'=>'test','authenticity_token'=>$token);
}
/* function curl_post
makes a curl post to the end point url
global variables
*/
public function curl_post(){
try{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $this->endpoint_url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($this->params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
$response = curl_exec($ch);
print_r($response);
//return $response;
}catch(Exception $e){
throw new Exception($e->getMessage(),$e->getCode(),$e->gtLine());
}
}
}
$active_merchant = new active_merchant();
$active_merchant->curl_post();
?>
Rails code -
class ActivemerchantController < ApplicationController
protect_from_forgery except: :index
def index
Rails.logger.debug params.inspect
puts params.inspect
self.response_body = "Hello, world!"
end
end
Can anyone tell us how can we keep our authenticity_token random ,consistent and secure between two servers (php and ruby on rails).
Aucun commentaire:
Enregistrer un commentaire