[jsnk]

Noob question for people:

How do I do CSRF token for separate Ember/Angular app?

Since Rails can't write the CSRF directly on the front end page, how does CSRF work in that case?

[boucher]

It's generally pretty easy in most frameworks to plug in to all XHR requests (see e.g. jquery's ajaxPrefilter). Then you can simply add a CSRF token to the header of every request (or possibly your authentication details directly).

[fervisa]

The Rails unobtrusive adapter for jQuery jquery-ujs has a pretty neat implementation, you can take a look at it here https://github.com/rails/jquery-ujs/blob/master/src/rails.js...

[booleanbetrayal]

token-bearer authentication scheme = 2 birds, 1 stone