Rails/Devise - Creating new users via json request

Question

I would like to do a new user signup via JSON but I get an invalid authenticity token error.

I would like to not turn the forgery check for all controller. Any suggestions on how to override the registrationcontroller to do this?

Here is my code:

class Api::MobileRegistrationsController  < Devise::RegistrationsController 
  skip_before_filter :verify_authenticity_token
  respond_to :json
  def create
    super
  end
end

Routes:

Whitney::Application.routes.draw do
  resources :apps
  devise_for :users
  namespace :api do
    resources :tokens, :only => [:create, :destroy]
    resources :MobileRegistrations, :only => [:create] 
  end

I get an error:

Routing Error
uninitialized constant Api::MobileRegistrationsController

Answer 1

I can't encourage you in this way, because your app will be vulnerable to CSRF attacks.

A good resource to understand CSRF : Understanding the Rails Authenticity Token

You should rather include the authenticity_token in your POST request. This is discussed in some questions on SO, like there (read all the answers) : rails - InvalidAuthenticityToken for json/xml requests

The idea :

1. Retrieve the token with <%= form_authenticity_token %>

2. Add a authenticity_token POST param to your request with the token.

If you pass the param by URI, don't forget to encoded the token value :

url += "&authenticity_token=" + encodeURIComponent( <%= form_authenticity_token %> );