All,

I've got a remote application that is used for posting data to my
Rails 2 app. Took me about a day to realise that my posting wasn't
working because my submitted form did not contain an identity token
(introduced into Rails 2).

I can remove that function (on new posts) by doing:
  protect_from_forgery :only => [:update, :destroy]

but I'm wondering how I could keep that feature and still post from my
client side app?

Etienne