tesserakt

Reputation: 3331

Rails 3.2 + Facebook auth + CSRF FAILURE

This is the error that I see when trying to log in via Facebook; I always see that error. Can't seem to get rid of it:

Could not authorize you from Facebook because "Csrf detected".

I put a skip:

skip_before_filter :verify_authenticity_token

on the OmniAuth callback, but I still get the error. This is in both local and prod (Heroku) environments. I have set the Heroku environment variables. Any idea?

Upvotes: 5

Views: 5165

Answers (3)

tesserakt

Reputation: 3331

I found that the problem was the gem was too new and passing a STATE header to Facebook, which FB didn't want. I rolled the omniauth-facebook gem version back and it worked.

Upvotes: 6

Sébastien Gruhier

Reputation: 644

I had the same issue you have on the same day!! I thought it was a gem update or something like this, but not at all. With some deep debugging I found that omniauth "Callback phase initiated." was called twice.

It was due to a stupid double initialization of

provider :facebook, .....

One in config/initializers/devise.rb and one in another initializer.

I hope it will give you a hint to find your error.

Upvotes: 8
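A simplified model of why a callback phase that runs twice can end in "Csrf detected", assuming the strategy consumes its stored OAuth state on the first run. This is an added example, not code from the answer or from omniauth; the class, method names and the `oauth.state` session key are hypothetical.

```ruby
require 'securerandom'

# Simplified single-use OAuth "state" check (hypothetical class, not
# omniauth's code). The session is a plain Hash, a constructed stand-in.
class StateCheckStrategy
  def initialize(session)
    @session = session
  end

  # Request phase: mint a random state, keep it in the session and send
  # the same value to the provider with the authorize redirect.
  def request_phase
    @session['oauth.state'] = SecureRandom.hex(24)
  end

  # Callback phase: the stored state is deleted on every run (assumption),
  # so it can only ever be matched once.
  def callback_phase(params)
    expected = @session.delete('oauth.state')
    returned = params['state'].to_s
    return :csrf_detected if returned.empty? || expected.nil?
    return :csrf_detected unless same?(returned, expected)
    :ok
  end

  private

  # Constant-time comparison of two equal-length strings.
  def same?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Provider registered once: one callback run, which passes.
def single_registration
  s = StateCheckStrategy.new({})
  state = s.request_phase
  [s.callback_phase('state' => state)]
end

# Provider registered twice: two instances share one session and both run
# the callback phase for the same incoming request.
def double_registration
  session = {}
  first, second = Array.new(2) { StateCheckStrategy.new(session) }
  state = first.request_phase
  [first, second].map { |s| s.callback_phase('state' => state) }
end
```

In this model the second run fails even though the returned state is genuine, and the check is independent of Rails' `verify_authenticity_token` filter.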

Purple Hexagon

Reputation: 3578

Are you sending a P3P header? Maybe add...

before_filter :set_p3p
private

def set_p3p
  headers['P3P'] = 'CP="ALL DSP COR CURa ADMa DEVa OUR IND COM NAV"'
end

to your application controller

Upvotes: 0
