Details
Type: Monitor
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 2021
Component/s: FIWARE-TECH-HELP
HD-Enabler: Orion
Description
Created question in FIWARE Q/A platform on 03-12-2015 at 18:12
Please, ANSWER this question AT https://stackoverflow.com/questions/34072672/rails-csrf-token-authenticity-on-incoming-external-post-requests
Question:
Rails CSRF token authenticity on Incoming external POST Requests
Description:
My Rails application subscribes to an external system's POST notifications (named Orion context broker). I manage sending JSON data & processing the response (ruby->Orion).
But when a notification request comes in, I get the InvalidAuthenticityToken error and the "Can't verify CSRF token authenticity" warning.
I, 2015-12-03T16:56:53.215991 #22189 INFO – : Started POST "/machine/listen" for 127.0.0.1 at 2015-12-03 16:56:53 +0000
I, 2015-12-03T16:56:53.221524 #22189 INFO – : Processing by MachineController#listen as XML
I, 2015-12-03T16:56:53.221762 #22189 INFO – : Parameters: {"subscriptionId"=>"5660745482ef938cd5055ae3", "originator"=>"localhost", "contextResponses"=>[{"contextElement"=>{"type"=>"Printer", "isPattern"=>"false", "id"=>"UM1", "attributes"=>[
]}, "statusCode"=>{"code"=>"200", "reasonPhrase"=>"OK"}}]}}
W, 2015-12-03T16:56:53.223637 #22189 WARN – : Can't verify CSRF token authenticity
I, 2015-12-03T16:56:53.224191 #22189 INFO – : Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
F, 2015-12-03T16:56:53.225189 #22189 FATAL – :
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
I understand that the message that is sent back (Orion->ruby) does not contain the proper Security Token.
Maybe I could disable protect_from_forgery, but I am definitely looking for a way to manage authentication between those different services.
Thanks
2017-05-22 15:17|CREATED monitor | # answers= 1, accepted answer= True
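An added example, not part of the original question or of Orion or Rails code: a CSRF token is tied to a browser session, which a server-to-server notifier never has, so an endpoint like /machine/listen would be exempted from CSRF verification and authenticate the sender itself. The sketch below shows that check in plain Ruby. It assumes the notifier can be made to send a shared secret in a header; the header name, the secret and every function name are hypothetical.

```ruby
require "digest"
require "json"

# Added example: TOKEN_HEADER, the secret and the function names are
# assumptions for illustration, not Orion or Rails API.
TOKEN_HEADER = "HTTP_X_NOTIFY_TOKEN" # Rack-style key for a hypothetical X-Notify-Token header

# Constant-time comparison. Hashing first gives equal-length inputs,
# so neither length nor content leaks through timing.
def secure_equal?(given, expected)
  a = Digest::SHA256.digest(given.to_s).bytes
  b = Digest::SHA256.digest(expected.to_s).bytes
  a.zip(b).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
end

# Decide what the listen action should answer. Returns [status, reason].
# env: Rack-style request headers; body: raw POST body;
# known_subscriptions: ids this application created at the broker.
def authorize_notification(env, body, secret, known_subscriptions)
  token = env[TOKEN_HEADER]
  return [401, "missing token"] if token.nil? || token.empty?
  return [401, "bad token"] unless secure_equal?(token, secret)

  payload = begin
    JSON.parse(body)
  rescue JSON::ParserError
    return [400, "malformed JSON"]
  end
  return [400, "malformed JSON"] unless payload.is_a?(Hash)

  # Secondary check only: a subscription id is not a secret.
  unless known_subscriptions.include?(payload["subscriptionId"])
    return [404, "unknown subscription"]
  end
  [200, "accepted"]
end

# Constructed sample input, shaped like the notification in the log above.
SAMPLE_SECRET = "constructed-secret-for-the-example"
SAMPLE_BODY = JSON.generate(
  "subscriptionId" => "5660745482ef938cd5055ae3",
  "originator" => "localhost",
  "contextResponses" => []
)
```

In a controller, a check like this would run as a filter on the notification action only, leaving CSRF protection in place for every browser-facing action.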