samgooi4189 · March 13, 2018 11:00
diff --git a/login_devise_csrf b/login_devise_csrf
 First you need to expose your CSRF token

 SessionsController.rb:
  def new
    render json: {"CSRF": form_authenticity_token}
  end
  
 When you visit GET sign_in path, you will get the CSRF token.

 To sign_in with POST,

 $ curl -X POST -H "Content-Type: application/json" -H "X-CSRF-TOKEN: vvAIm6Y1/qjo/OII5l2OAyildCAfwZYXU1H5jvrbHVXZ2/TPv0XvJuE5omAVK/EbxAsr+PAtCZ9liDERu0AQVA==" -H "Cookie: _ga_session=Hlv2cZGQWNqUSpTGggcRKObuStJHeHjDr8zQL0g009lReCaKJHzoYqP%2FgtcfkikwDiVJKYYh%2BJuGJObrLXYPHanmhVBmbnrVzo%2BNDu4tpTbj%2BKVpbjNpTRNmegywOqby0PP%2FsYipbpyKQ5bHKHo%3D--TyLzvQt4RURQ0Rhg--FOTE9ukORnviZgv8WaSUng%3D%3D; path=/; HttpOnly" --data "{\"user\": {\"email\": \"[email protected]\", \"password\": \"1234567890\"} }" localhost:3000/api/users/sign_in -v

 Then you should able to login and pass the CSRF checks.
	First you need to expose your CSRF token

	SessionsController.rb:
	def new
	render json: {"CSRF": form_authenticity_token}
	end

	When you visit GET sign_in path, you will get the CSRF token.

	To sign_in with POST,

	$ curl -X POST -H "Content-Type: application/json" -H "X-CSRF-TOKEN: vvAIm6Y1/qjo/OII5l2OAyildCAfwZYXU1H5jvrbHVXZ2/TPv0XvJuE5omAVK/EbxAsr+PAtCZ9liDERu0AQVA==" -H "Cookie: _ga_session=Hlv2cZGQWNqUSpTGggcRKObuStJHeHjDr8zQL0g009lReCaKJHzoYqP%2FgtcfkikwDiVJKYYh%2BJuGJObrLXYPHanmhVBmbnrVzo%2BNDu4tpTbj%2BKVpbjNpTRNmegywOqby0PP%2FsYipbpyKQ5bHKHo%3D--TyLzvQt4RURQ0Rhg--FOTE9ukORnviZgv8WaSUng%3D%3D; path=/; HttpOnly" --data "{\"user\": {\"email\": \"[email protected]\", \"password\": \"1234567890\"} }" localhost:3000/api/users/sign_in -v

	Then you should able to login and pass the CSRF checks.