I'm having a weird problem with RestKit + iOS 5 + Rails: when I attempt to do a POST to the server like this:

NSArray *topicsList = [self.topicsTV.text componentsSeparatedByString:@","];
// dictionaryWithObjectsAndKeys: returns an NSDictionary, so declare it as one
NSDictionary *params = [NSDictionary dictionaryWithObjectsAndKeys:
                           self.questionTV.text, @"question[text]",
                           self.descriptionTV.text, @"question[detail]",
                           topicsList, @"topics[]",
                           nil];
[[RKClient sharedClient] post:@"/questions.json" params:params delegate:self];

The log will be like this:

2012-01-11 17:24:21.725 APP[29087:fb03] I restkit.network:RKRequest.m:562 Status Code: 401
2012-01-11 17:24:21.725 APP[29087:fb03] I restkit.network:RKRequest.m:563 Body: {"error":"You have to register or login."}

Note that before posting I was definitely logged in, because I could get access to some private content. What happened is that if I refresh the private content (a GET is sent to the server), it gives me this error:

2012-01-11 17:35:51.337 APP[29087:fb03] D restkit.network.queue:RKRequestQueue.m:455 Request <RKObjectLoader: 0x811c360> failed loading in queue <RKRequestQueue: 0xc60ea10 name=(null) suspended=NO requestCount=0 loadingCount=0/5> with error: The operation couldn’t be completed. (org.restkit.RestKit.ErrorDomain error 1004.).(Now loading 0 of 5).

Did that operation log me out? How should I keep the login session alive?

favo
Massimo
  • These are my parameters for the post: Parameters: {"utf8"=>"✓", "authenticity_token"=>"rEwYQT9tKGtqW4Tp4wtBZTN5zl+HPOK5k/ZpGs0nAJc=", "question"=>{"text"=>"Prova prova prova", "detail"=>""}, "suggested-query-input"=>"", "topics"=>["argomento", "nuovo"], "variables"=>"prova-prova-prova-1", "commit"=>"Salva", "a"=>"questions"} – Massimo Jan 12 '12 at 10:59
  • Basically I figured that it could be a CSRF token that I don't keep... any idea? – Massimo Jan 16 '12 at 09:19
  • Now the question is: do I have to modify something in my iOS app or in the Rails app? – Massimo Jan 16 '12 at 11:35

1 Answer

What may be happening is that the Rails app can't verify the CSRF token when your app runs a POST request. When you run the GET request, it doesn't need to check the token (because GET requests don't change anything). That's why you can GET something with a username and password, but can't POST something. This blog post has some more info.

What I found to help is I disabled the check for any JSON request.

# In your application_controller.rb
skip_before_filter :verify_authenticity_token, :if => Proc.new { |c| 
  c.request.format == 'application/json' }

Of course, you could also do this:

# Or this in your application_controller.rb
def verified_request?
  if request.content_type == "application/json"
    true
  else
    super()
  end
end

Either of these allows JSON requests to ignore the token, and you can CRUD appropriately. Just know what you're doing if you choose to ignore the check.

Also: https://github.com/rails/rails/issues/3041

Ethan Mick
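The sequence in the question (private GET works, POST returns 401, later GET fails too) can be replayed against a small model of the check. This is an added example, not code from the post or from Rails: `ModelApp` and the `replay_*` helpers are hypothetical names, and the model assumes the Rails 3.0.4+ behaviour of resetting the session on an unverified request and accepting the token in the `X-CSRF-Token` header.

```ruby
require 'securerandom'

# Simplified model of Rails 3 request-forgery protection (constructed for
# illustration; not Rails source). Class and method names are hypothetical.
class ModelApp
  def initialize
    @session = {}
  end

  # Logging in stores the user and a per-session CSRF token; returns the token.
  def login(user)
    @session = { user: user, csrf_token: SecureRandom.base64(32) }
    @session[:csrf_token]
  end

  # GETs are never checked; other verbs need the session token in the
  # authenticity_token param or the X-CSRF-Token header.
  def verified_request?(verb, params, headers)
    return true if verb == 'GET'
    token = @session[:csrf_token]
    !token.nil? && [params['authenticity_token'], headers['X-CSRF-Token']].include?(token)
  end

  # Returns an HTTP status. An unverified request resets the session, so the
  # login is lost for this request and every later one.
  def handle(verb, params: {}, headers: {})
    @session = {} unless verified_request?(verb, params, headers)
    @session[:user] ? 200 : 401
  end
end

# The sequence from the question: login, GET, POST without a token, GET again.
def replay_without_token
  app = ModelApp.new
  app.login('massimo') # constructed sample user
  [app.handle('GET'),
   app.handle('POST', params: { 'question[text]' => 'Prova' }),
   app.handle('GET')]
end

# Same sequence, but the client echoes the token it received at login.
def replay_with_token
  app = ModelApp.new
  token = app.login('massimo')
  [app.handle('GET'),
   app.handle('POST', params: { 'question[text]' => 'Prova' },
                      headers: { 'X-CSRF-Token' => token }),
   app.handle('GET')]
end
```

In the model, sending the token keeps the session without switching the check off for JSON requests.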