goddamnyouryan

Reputation: 6896

Rails 4 CSRF not correct

I'm on Rails

So I was messing around with my cookies and I might have deleted some important ones related to CSRF. Now whenever I submit a form on my app I get: ActionController::InvalidAuthenticityToken

When I dig around in these requests it looks like this is why I am getting these errors.

When I actually debug through my request I get different values for form_authenticity_token and request.headers['X-CSRF-Token'] but I have no idea why.

It seems like request.headers['X-CSRF-Token'] is the one that actually matches the meta tag on my page (and hidden field tag in the form) and it's form_authenticity_token that is incorrect.

Any thoughts?

Upvotes: 0

Views: 110

Answers (1)

goddamnyouryan

Reputation: 6896

So, weirdly enough, the reason I was seeing this was totally unrelated to anything else I thought I was seeing.

I had added this line to config/initializers/assets.rb

Rails.application.config.assets.prefix = ''

because on my production app I am using a CDN and it's mapped to http://assets.mydomain.com and I didn't want it to resolve to http://assets.mydomain.com/assets/myasset.js

Unfortunately on production it looks like it was causing this issue, weirdly enough.

Upvotes: 1
