How to disable CSRF for jQuery?

I am testing a remote messaging service and I "believe" I am in need of disabling CSRF in jQuery for my initial remote test to be successful.

I have disabled CSRF in the Application Controller already.

If I send the POST through the application itself, the messaging works and I get the following output in my rails server log:

Started POST "/messages" for 127.0.0.1 at 2011-05-07 10:49:29 -0400

Processing by MessagesController#create as JS

Parameters: {"utf8"=>"✓", "authenticity_token"=>"xxx", "message"=>{"content"=>"damn"}, "commit"=>"Send"}

SQL (0.1ms) SELECT name

FROM sqlite_master

WHERE type = 'table' AND NOT name = 'sql开发者_C百科ite_sequence'

AREL (0.5ms) INSERT INTO "messages" ("content", "created_at", "updated_at") VALUES ('damn', '2011-05-07 14:49:29.887582', '2011-05-07 14:49:29.887582') Rendered messages/_message.html.erb (3.6ms) Rendered messages/create.js.erb (8.2ms) Completed 200 OK in 133ms (Views: 17.0ms | ActiveRecord: 0.6ms)

If I send the following POST command via cURL, I get this output:

    curl -X POST -d 'message={"content":"lololol", "commit":"Send"}' http://localhost:3000/messages

Started POST "/messages" for 127.0.0.1 at 2011-05-07 10:54:15 -0400

Processing by MessagesController#create as

Parameters: {"message"=>"{\"content\":\"lololol\", \"commit\":\"Send\"}"}

AREL (0.3ms) INSERT INTO "messages" ("content", "created_at", "updated_at") VALUES (NULL, '2011-05-07 14:54:15.934156', '2011-05-07 14:54:15.934156')

Rendered messages/_message.html.erb (0.5ms)

Rendered messages/create.js.erb (4.2ms)

Completed 200 OK in 309ms (Views: 28.1ms | ActiveRecord: 0.3ms)

I can see a blank entry on my page with a timestamp of when I run the cURL command and a record is being created in the database with everything but the content.

Is it safe to assume the reason for this is due to the CSRF in jQuery not allowing the content to get published? If so, how do I disable it? Or am POSTing it wrong with cURL? or a mixture of both?

Thank you in advance for any help.

Your POST is wrong. The right syntax is:

curl -X POST -d 'message[content]=lololol&commit=Send' http://localhost:3000/messages

CSRF protection wouldn't change the params. By default, when CSRF verification fails, Rails only resets the session (see the source of handle_unverified_request).