Unity3D login with Ruby on Rails protect_from_forgery

Discussion in 'Scripting' started by KenSyuu, Jul 29, 2014.

  1. KenSyuu

    Joined:
    Nov 16, 2013
    Posts:
    14
    Hi all,

    I have recently tried to write a login with rails, and after a few googles I've got this.

    On server side

    class ApplicationController < ActionController::Base
      protect_from_forgery
    end



    At client side, the Unity3D C#

    // Build the JSON body by string concatenation (id and pw are inserted as-is, without escaping)
    string json = "{\"id\":\"" + id + "\", \"pw\":\"" + pw + "\"}";
    Hashtable postHeader = new Hashtable();
    postHeader.Add("Content-Type", "application/json");
    // POST the UTF-8 body to <mainUrl>login/ with the custom headers
    WWW www = new WWW(mainUrl + "login/", System.Text.Encoding.UTF8.GetBytes(json), postHeader);



    I then run my script, and I can successfully connect and login,
    but at the windows console, there is a warning

    WARNING: Can't verify CSRF token authenticity


    Hence I am not sure if my login is actually checked by protect_from_forgery, or if it is simply ignored and bypasses the check. How could I ensure that my login is protected?

    Thanks all in advance :)
     
  2. wccrawford

    Joined:
    Sep 30, 2011
    Posts:
    2,039
    protect_from_forgery adds another field to the login form. You need to also return that field, with the value the server provided, in order to authenticate successfully.
     
  3. KenSyuu

    Joined:
    Nov 16, 2013
    Posts:
    14
    Hi wccrawford,

    I see that it added two meta tags in the form

    <meta content="authenticity_token" name="csrf-param">
    <meta content="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" name="csrf-token">


    Did you mean I have to include these two fields when I am posting my request to the server?
    I have tried the below as well:

    // Token sent as request headers (value copied from the csrf-token meta tag)
    postHeader.Add("X-CSRF-Token", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
    postHeader.Add("CSRF-Token", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");

    // Token also sent in the JSON body under the csrf-param name
    string json = "{\"id\":\"" + id + "\", \"pw\":\"" + pw + "\", \"authenticity_token\":\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"}";


    But none of the above solves the "can't verify" issue. Have I done something wrong?
    Thanks again! :)
     
  4. wccrawford

    Joined:
    Sep 30, 2011
    Posts:
    2,039
    That looks correct to me. I'm not sure what's going wrong. Sorry I can't help more.
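An added example, not code from the thread: replies 2 and 3 describe returning the token from the csrf-param/csrf-token meta tags, and the piece the thread never states is that Rails stores that token in the session, so the client must also send back the session cookie it received when it fetched the page. This Ruby sketch extracts the tags, builds the POST with the X-CSRF-Token header and the cookie, and models the server's match against the session; base_url, the cookie value and SAMPLE_HTML are constructed placeholders.

```ruby
require "json"
require "net/http"
require "uri"

# Constructed sample of the two meta tags a Rails layout emits (attribute order varies).
SAMPLE_HTML = <<~HTML
  <meta name="csrf-param" content="authenticity_token" />
  <meta content="tok123" name="csrf-token">
HTML

# Return the content attribute of the <meta> whose name attribute matches.
def meta_content(html, name)
  tag = html[/<meta\b[^>]*\bname="#{Regexp.escape(name)}"[^>]*>/]
  tag && tag[/\bcontent="([^"]*)"/, 1]
end

# Pull the CSRF param name and token out of a fetched page.
def extract_csrf(html)
  param = meta_content(html, "csrf-param")
  token = meta_content(html, "csrf-token")
  raise "csrf meta tags not found" unless param && token
  { param: param, token: token }
end

# Build the login POST as a non-browser client should send it: JSON body,
# X-CSRF-Token header, and the session cookie from the GET that issued the token.
def build_login_request(base_url, csrf, session_cookie, id, pw)
  req = Net::HTTP::Post.new(URI.join(base_url, "login/"))
  req["Content-Type"] = "application/json"
  req["X-CSRF-Token"] = csrf[:token]
  req["Cookie"] = session_cookie            # nil here drops the header entirely
  req.body = JSON.generate("id" => id, "pw" => pw)  # escapes quotes, unlike concatenation
  req
end

# Simplified model of the server-side check: the submitted token must equal the
# token stored in the session that the cookie resolves to. Without the cookie
# there is no session, so the header alone can never verify. (Assumption: plain
# equality; newer Rails versions mask the token before comparing.)
def csrf_verified?(sessions, request)
  session = sessions[request["Cookie"]]
  return false if session.nil?
  submitted = request["X-CSRF-Token"]
  !submitted.nil? && submitted == session[:_csrf_token]
end
```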