ruby-on-rails - Rails:为第3方POST请求禁用CSRF

Question

我有一个Rails 3.2应用程序，我需要在其中接受来自第三方的POST请求。
我想将传入的请求存储在“消息”模型中。
我的MessageController如下所示:

class MessagesController < ApplicationController
  protect_from_forgery :except => :create
...

def create
@message = Message.new(content: params[:content], command: params[:command], messageId: params[:messageId], ...)

respond_to do |format|
  if @message.save
...

我收到的请求如下所示:

curl -d "content=GUESTTEST&command=deliverMessage&messageId=11389622" https://[myapp].herokuapp.com/messages

这在本地工作正常(http:// localhost:3000 / messages)，但是一旦我切换到heroku，请求就不再起作用。

heroku logs

说:

    2012-08-13T07:54:01+00:00 app[web.1]: Started POST "/" for 178.195.215.59 at 2012-08-13 07:54:01 +0000
    2012-08-13T07:54:01+00:00 app[web.1]: Processing by StaticPagesController#home as */*
    2012-08-13T07:54:01+00:00 app[web.1]:   Parameters: {"content"=>"GUESTTEST", "time"=>"2012-08-01 10:09:03", "businessNumber"=>"5555", "sessionId"=>"5555CHS1343808543654", "operatorCode"=>"99999", "msisdn"=>"0099955291", "keyword"=>"GUESTTEST", "command"=>"deliverMessage", "messageId"=>"11389622"}
    2012-08-13T07:54:01+00:00 app[web.1]: WARNING: Can't verify CSRF token authenticity
    2012-08-13T07:54:01+00:00 app[web.1]:   Rendered static_pages/home.html.erb within layouts/application (1.1ms)
    2012-08-13T07:54:01+00:00 app[web.1]:   Rendered layouts/_shim.html.erb (0.0ms)
    2012-08-13T07:54:01+00:00 app[web.1]:   Rendered layouts/_header.html.erb (0.9ms)
    2012-08-13T07:54:01+00:00 app[web.1]:   Rendered layouts/_footer.html.erb (0.2ms)
    2012-08-13T07:54:01+00:00 app[web.1]: Completed 200 OK in 6ms (Views: 5.6ms | ActiveRecord: 0.0ms)
    2012-08-13T07:54:01+00:00 heroku[router]: POST guestlist12.herokuapp.com/ dyno=web.1 queue=0 wait=0ms service=72ms status=200 bytes=2425

我需要更改什么才能使帖子无需CSRF token 即可工作？

任何帮助深表感谢!

Answer 1

汇总评论中的答案，以便从“未回答”过滤器中删除此问题:

[从]应用程序 Controller [删除] protect_from_forgery。

〜回答Amol Pujari