jquery - Posting with ajax to an app using devise from a cross domain request -

i'm trying understand concept of api programming.

i able post basic stuff ( not using devise ) in app, creating article title , description using basic ajax post cross domain request (outside app).

in app can make ajax post devise url register or sign in user problem comes when try same thing application outside(cross domain request).

what want:

i want able register , sign in using across domain request via ajax post devise url (api).

also, able let user know signed in on outside app (not api).

errors:

i keep getting authentication tokens errors when try register or sign in using ajax post.

different methods i've tried:

1) first method:

i have tried changing in application controller line:

protect_from_forgery with: :exception

to

protect_from_forgery with: :null_session

this fixes errors , let me register , saves information database (email, password).

although i'm not sure how sign in works, able pass sign in information without errors using post method ajax api (but not able figure out how let user know logged in, or how log out)

i'm afraid method might leave vulnerabilities app.

2) second method i've tried:

from cross domain app i'm trying post using ajax, i've added code call:

headers: {   'x-csrf-token': $('meta[name="csrf-token"]').attr('content') }, 

but no success, brings authentication token error again can't verify csrf token authenticity.

3) third method i've tried:

in devise controllers registrations , sessions i've added following line:

protect_from_forgery except: :create 

while make work, i'm afraid same first method i've tried, might leave vulnerabilities app.

my routes in main application (api):

devise_for :users, controllers: { sessions: "users/sessions", registrations: "users/registrations" } match 'api/people/', to: 'people#people_get_all', via: [:get] match 'api/people/:id', to: 'people#people_get', via: [:get]  match 'api/people/', to: 'people#create', via: [:post] 

my javascript cross domain app doing ajax post:

$(function(){      $('#register_user').on('click', function(){          var user = {             user: {                 email: $('#email').val(),                 password: $('#password').val(),                 password_confirmation: $('#password_confirmation').val()             }         };          $.ajax({             type: 'post',             url: 'http://localhost:3000/users/',             datatype: 'json',             data: user,             success: function(newsignin){                 console.log(newsignin);             },             error: function(){                 alert('error');             }         });     });  }); 

also, everytime try post using first , last method, error function in ajax call, though registered user.

i have made example creating small app replicating above. in there, can create person (not using devise) via ajax (which can cross domain request via ajax post right urls provided here).

it has 2 other forms post devise urls, 1 register , other 1 sign in.

https://johhanapi.herokuapp.com/

at moment of post, app using third method mentioned here(not counting edits).

thank you.