Earlier today, Elad Meidar asked on Twitter how to bypass the Authenticity Token check in Rails for an action, but only sometimes. The example he mentioned was for a write API, but this could theoretically be used in other situations where you only want to skip the authenticity token check of an action under specific circumstances. We went back and fort

First off, you need to do some before filter work:

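# Drop the unconditional token check for this one action...
skip_before_filter :verify_authenticity_token, :only => [:your_action]
# ...and run the conditional check defined below in its place.
before_filter :semi_verify_authenticity_token, :only => [:your_action]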

Then you need a function to define when to check for the token authenticity:

def semi_verify_authenticity_token
  verify_authenticity_token unless request.xhr? # Or whatever other criteria you would use
end

All you really have to do then is make sure that verify_authenticity_token gets called based on the params or request, and you should be set. This can be useful for APIs or AJAX calls to a given action where you don’t mind skipping the token check, but you still want to enforce it for the regular HTML browser view.
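The criterion inside semi_verify_authenticity_token decides which requests run without the token check. The following added example (not code from the original post) models the filter in plain Ruby, without Rails, and compares the post's request.xhr? criterion with a narrower one; Request, ActionSketch, the X-Api-Key header and the token value are assumptions made for illustration.

```ruby
# Added example: plain-Ruby stand-ins, no Rails required. Request, ActionSketch
# and the X-Api-Key header are hypothetical names used for illustration only.
class InvalidAuthenticityToken < StandardError; end

Request = Struct.new(:headers, :cookies, :params) do
  # Models xhr?: true when the client-supplied X-Requested-With header says so.
  def xhr?
    headers["X-Requested-With"].to_s.match?(/XMLHttpRequest/i)
  end
end

class ActionSketch
  SESSION_TOKEN = "constructed-token-for-demo" # constructed sample value

  def initialize(request, criterion)
    @request = request
    @criterion = criterion
  end

  # Stand-in for the Rails token check: raise when the token is wrong or absent.
  def verify_authenticity_token
    return if @request.params["authenticity_token"] == SESSION_TOKEN
    raise InvalidAuthenticityToken
  end

  # The filter from the post, with the skip criterion made pluggable.
  def semi_verify_authenticity_token
    verify_authenticity_token unless @criterion.call(@request)
  end

  def run
    semi_verify_authenticity_token
    :performed
  rescue InvalidAuthenticityToken
    :rejected
  end
end

# Criterion from the post: skip the check for anything flagged as XHR.
XHR_ONLY = ->(req) { req.xhr? }
# Narrower criterion (assumption): skip only for API-key calls with no cookies.
STATELESS_API = ->(req) { req.headers.key?("X-Api-Key") && req.cookies.empty? }

# Build a constructed request and report what the action would do with it.
def outcome(criterion, headers: {}, cookies: {}, params: {})
  ActionSketch.new(Request.new(headers, cookies, params), criterion).run
end
```

Because request.xhr? reads a header the client sets, the first criterion lets a cookie-authenticated request flagged as XHR run without a token, while the narrower criterion still rejects it.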

Posted in Uncategorized at April 7th, 2010. No Comments.

Twitter Acquired Summize – Good or Bad?

The fine folks at Twitter have been talking about a search feature for quite some time now.  They never actually pulled it off since they were busy focusing on stabilizing the platform and restoring functionality to the service.  Off in the distance, a website called Summize rose up and filled that void.  The nice thing about Summize is that it was able to provide a realtime query into what’s going on in Twitter without having to visit the actual Twitter website.  It also proved to be a solid failover for developers for when Twitter had gone down or was busy firing off whales like a mad man.  Aside from that, there was no real cap on the number of API requests one could make in a given time frame.  It just worked.  Period.


Posted in Opinion, Social Media at July 15th, 2008. No Comments.