Reputation: 57
rails csrf validation in firefox
I have a site created with Rails using Devise for authentication. It works perfectly fine in Chrome, but in Firefox I cannot log in. All I can see is a message in log:
WARNING: Can't verify CSRF token authenticity
And the login screen comes back without any error messages.
Can someone give me a hint where to look after what is happening?
Upvotes: 5
Views: 1362
Answers (1)
Reputation: 5426
I had exactly the same problem. Login was working in Chrome and not in FF.
The problem was not related to CSRF since I commented out protect_from_forgery and tried to signin but I wasn't allowed to. The only difference was that the warning message disappeared.
After some debugging I found out that the problem is related to session and :domain => :all setting for the session store.
MyApp::Application.config.session_store :cookie_store, key: '_myapp_session', :domain => :all
After I removed :domain => all, I was able to login using Firefox. Hope that this will help someone even though the answer arrives two months late.
Upvotes: 4
Related Questions
- Rails: Can't verify CSRF token authenticity
- Rails, Devise authentication, CSRF issue
- Devise: Can't verify CSRF token authenticity the HTTPS enabled on server (No JSON/API)
- rails - "WARNING: Can't verify CSRF token authenticity" for json devise requests
- Devise token auth can't verify CSRF token authenticity
- Rails 5 devise_token_auth Can't verify CSRF token authenticity
- Devise. Can't verify CSRF token authenticity
- "WARNING: Can't verify CSRF token authenticity" error - CORS with Devise and :token_authenticatable
- Getting CSRF Error with Firefox and Devise
- Rails - WARNING: Can't verify CSRF token authenticity