CODEWITHSUNDEEP
ruby-on-railsrubydevisecsrfauthenticity-token
scientiffic
scientiffic

Reputation: 9415

Rails: Can't verify CSRF token authenticity

My Rails app suddenly started giving me the following error:

Can't verify CSRF token authenticity
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

I haven't made any changes to the app, so I'm totally flummoxed as to what's causing this issue. The full error log is below. I took out the authenticity token but have confirmed that the token is valid for the current user (by checking in the console).

2015-05-13T01:44:49.038482+00:00 app[web.1]: I, [2015-05-13T01:44:49.038369 #9]  INFO -- : Started POST "/projects?auth_token=xxx” for 76.118.180.235 at 2015-05-13 01:44:49 +0000
2015-05-13T01:44:49.044865+00:00 app[web.1]: I, [2015-05-13T01:44:49.044762 #9]  INFO -- : Completed 422 Unprocessable Entity in 1ms
2015-05-13T01:44:49.119991+00:00 app[web.1]: I, [2015-05-13T01:44:49.119893 #9]  INFO -- : Processing by SpinsController#create as JSON
2015-05-13T01:44:49.120060+00:00 app[web.1]: I, [2015-05-13T01:44:49.119998 #9]  INFO -- :   Parameters: {"spin"=>{}, "auth_token"=>”xxx”}
2015-05-13T01:44:49.120537+00:00 app[web.1]: W, [2015-05-13T01:44:49.120469 #9]  WARN -- : Can't verify CSRF token authenticity
2015-05-13T01:44:49.122935+00:00 app[web.1]: F, [2015-05-13T01:44:49.122841 #9] FATAL -- : 
2015-05-13T01:44:49.122938+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2015-05-13T01:44:49.122940+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
2015-05-13T01:44:49.122941+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
2015-05-13T01:44:49.122943+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/devise-3.4.1/lib/devise/controllers/helpers.rb:251:in `handle_unverified_request'
2015-05-13T01:44:49.122945+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'
2015-05-13T01:44:49.122946+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:427:in `block in make_lambda'
2015-05-13T01:44:49.122948+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `call'
2015-05-13T01:44:49.122949+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `block in halting'
2015-05-13T01:44:49.122951+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `call'
2015-05-13T01:44:49.122952+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `_run_callbacks'
2015-05-13T01:44:49.043562+00:00 app[web.1]: I, [2015-05-13T01:44:49.043425 #9]  INFO -- : Processing by ProjectsController#create as JSON
2015-05-13T01:44:49.043630+00:00 app[web.1]: I, [2015-05-13T01:44:49.043582 #9]  INFO -- :   Parameters: {"project"=>{"name"=>"New Set"}, "auth_token"=>”xxx”}
2015-05-13T01:44:49.044251+00:00 app[web.1]: W, [2015-05-13T01:44:49.044184 #9]  WARN -- : Can't verify CSRF token authenticity
2015-05-13T01:44:49.047524+00:00 app[web.1]: F, [2015-05-13T01:44:49.047435 #9] FATAL -- : 
2015-05-13T01:44:49.047527+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2015-05-13T01:44:49.047528+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
2015-05-13T01:44:49.122954+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_process_action_callbacks'
2015-05-13T01:44:49.122955+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.122957+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/callbacks.rb:19:in `process_action'
2015-05-13T01:44:49.122959+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rescue.rb:29:in `process_action'
2015-05-13T01:44:49.122961+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
2015-05-13T01:44:49.122962+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `block in instrument'
2015-05-13T01:44:49.122964+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
2015-05-13T01:44:49.047530+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
2015-05-13T01:44:49.047532+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/devise-3.4.1/lib/devise/controllers/helpers.rb:251:in `handle_unverified_request'
2015-05-13T01:44:49.047534+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'
2015-05-13T01:44:49.047535+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:427:in `block in make_lambda'
2015-05-13T01:44:49.122965+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `instrument'
2015-05-13T01:44:49.122968+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
2015-05-13T01:44:49.122969+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
2015-05-13T01:44:49.122971+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
2015-05-13T01:44:49.122973+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/base.rb:137:in `process'
2015-05-13T01:44:49.122975+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionview-4.2.0/lib/action_view/rendering.rb:30:in `process'
2015-05-13T01:44:49.122977+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:195:in `dispatch'
2015-05-13T01:44:49.122979+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
2015-05-13T01:44:49.122981+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:236:in `block in action'
2015-05-13T01:44:49.123001+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `call'
2015-05-13T01:44:49.123002+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
2015-05-13T01:44:49.047537+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `call'
2015-05-13T01:44:49.047538+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `block in halting'
2015-05-13T01:44:49.047540+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `call'
2015-05-13T01:44:49.047541+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `_run_callbacks'
2015-05-13T01:44:49.047543+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_process_action_callbacks'
2015-05-13T01:44:49.047544+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.047546+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/callbacks.rb:19:in `process_action'
2015-05-13T01:44:49.123004+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:42:in `serve'
2015-05-13T01:44:49.123005+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:43:in `block in serve'
2015-05-13T01:44:49.123007+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `each'
2015-05-13T01:44:49.123008+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `serve'
2015-05-13T01:44:49.123009+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:802:in `call'
2015-05-13T01:44:49.123011+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.047547+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rescue.rb:29:in `process_action'
2015-05-13T01:44:49.047549+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
2015-05-13T01:44:49.047550+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `block in instrument'
2015-05-13T01:44:49.047551+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
2015-05-13T01:44:49.047553+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `instrument'
2015-05-13T01:44:49.047554+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
2015-05-13T01:44:49.047555+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
2015-05-13T01:44:49.123012+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.123013+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.123015+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.123022+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/builder.rb:59:in `call'
2015-05-13T01:44:49.123023+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:14:in `_call'
2015-05-13T01:44:49.123025+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:10:in `call'
2015-05-13T01:44:49.123026+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:35:in `block in call'
2015-05-13T01:44:49.123027+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `catch'
2015-05-13T01:44:49.123029+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `call'
2015-05-13T01:44:49.047556+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
2015-05-13T01:44:49.047557+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/base.rb:137:in `process'
2015-05-13T01:44:49.047559+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionview-4.2.0/lib/action_view/rendering.rb:30:in `process'
2015-05-13T01:44:49.047560+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:195:in `dispatch'
2015-05-13T01:44:49.047561+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
2015-05-13T01:44:49.047562+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:236:in `block in action'
2015-05-13T01:44:49.047564+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `call'
2015-05-13T01:44:49.047588+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
2015-05-13T01:44:49.123030+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/etag.rb:24:in `call'
2015-05-13T01:44:49.123031+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/conditionalget.rb:38:in `call'
2015-05-13T01:44:49.123033+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/head.rb:13:in `call'
2015-05-13T01:44:49.123034+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
2015-05-13T01:44:49.047589+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:42:in `serve'
2015-05-13T01:44:49.047590+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:43:in `block in serve'
2015-05-13T01:44:49.047592+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `each'
2015-05-13T01:44:49.047593+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `serve'
2015-05-13T01:44:49.047594+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:802:in `call'
2015-05-13T01:44:49.047595+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.047597+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.047598+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.123035+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/flash.rb:260:in `call'
2015-05-13T01:44:49.123037+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:225:in `context'
2015-05-13T01:44:49.047599+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.047610+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/builder.rb:59:in `call'
2015-05-13T01:44:49.047612+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:14:in `_call'
2015-05-13T01:44:49.047613+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:10:in `call'
2015-05-13T01:44:49.047614+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:35:in `block in call'
2015-05-13T01:44:49.047616+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `catch'
2015-05-13T01:44:49.047617+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `call'
2015-05-13T01:44:49.123038+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:220:in `call'
2015-05-13T01:44:49.123039+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/cookies.rb:560:in `call'
2015-05-13T01:44:49.123041+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/query_cache.rb:36:in `call'
2015-05-13T01:44:49.123042+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/connection_adapters/abstract/connection_pool.rb:647:in `call'
2015-05-13T01:44:49.123044+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
2015-05-13T01:44:49.123045+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `call'
2015-05-13T01:44:49.047618+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/etag.rb:24:in `call'
2015-05-13T01:44:49.047620+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/conditionalget.rb:38:in `call'
2015-05-13T01:44:49.047621+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/head.rb:13:in `call'
2015-05-13T01:44:49.047623+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
2015-05-13T01:44:49.047624+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/flash.rb:260:in `call'
2015-05-13T01:44:49.047625+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:225:in `context'
2015-05-13T01:44:49.047627+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:220:in `call'
2015-05-13T01:44:49.047628+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/cookies.rb:560:in `call'
2015-05-13T01:44:49.123046+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `_run_callbacks'
2015-05-13T01:44:49.123048+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_call_callbacks'
2015-05-13T01:44:49.123049+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.123050+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
2015-05-13T01:44:49.047630+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/query_cache.rb:36:in `call'
2015-05-13T01:44:49.123051+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
2015-05-13T01:44:49.123053+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
2015-05-13T01:44:49.123054+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
2015-05-13T01:44:49.123055+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:38:in `call_app'
2015-05-13T01:44:49.123056+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:22:in `call'
2015-05-13T01:44:49.047631+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/connection_adapters/abstract/connection_pool.rb:647:in `call'
2015-05-13T01:44:49.047632+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
2015-05-13T01:44:49.047633+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `call'
2015-05-13T01:44:49.047635+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `_run_callbacks'
2015-05-13T01:44:49.047636+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_call_callbacks'
2015-05-13T01:44:49.047637+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.047638+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
2015-05-13T01:44:49.123058+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/request_id.rb:21:in `call'
2015-05-13T01:44:49.123059+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/methodoverride.rb:22:in `call'
2015-05-13T01:44:49.123060+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/runtime.rb:18:in `call'
2015-05-13T01:44:49.123062+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
2015-05-13T01:44:49.123063+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/sendfile.rb:113:in `call'
2015-05-13T01:44:49.123064+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/engine.rb:518:in `call'
2015-05-13T01:44:49.123065+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/application.rb:164:in `call'
2015-05-13T01:44:49.047639+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
2015-05-13T01:44:49.047641+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
2015-05-13T01:44:49.047642+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
2015-05-13T01:44:49.047643+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:38:in `call_app'
2015-05-13T01:44:49.047644+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:22:in `call'
2015-05-13T01:44:49.047645+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/request_id.rb:21:in `call'
2015-05-13T01:44:49.047646+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/methodoverride.rb:22:in `call'
2015-05-13T01:44:49.123067+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:576:in `process_client'
2015-05-13T01:44:49.123068+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:670:in `worker_loop'
2015-05-13T01:44:49.123070+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:525:in `spawn_missing_workers'
2015-05-13T01:44:49.123071+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:140:in `start'
2015-05-13T01:44:49.123072+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/bin/unicorn:126:in `<top (required)>'
2015-05-13T01:44:49.123074+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `load'
2015-05-13T01:44:49.123076+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `<main>'
2015-05-13T01:44:49.123078+00:00 app[web.1]: 
2015-05-13T01:44:49.047648+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/runtime.rb:18:in `call'
2015-05-13T01:44:49.123079+00:00 app[web.1]: 
2015-05-13T01:44:49.047649+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
2015-05-13T01:44:49.047650+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/sendfile.rb:113:in `call'
2015-05-13T01:44:49.047651+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/engine.rb:518:in `call'
2015-05-13T01:44:49.047653+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/application.rb:164:in `call'
2015-05-13T01:44:49.047654+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:576:in `process_client'
2015-05-13T01:44:49.047655+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:670:in `worker_loop'
2015-05-13T01:44:49.047656+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:525:in `spawn_missing_workers'
2015-05-13T01:44:49.047657+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:140:in `start'
2015-05-13T01:44:49.047658+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/bin/unicorn:126:in `<top (required)>'
2015-05-13T01:44:49.047660+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `load'
2015-05-13T01:44:49.047661+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `<main>'

As I'm sure the site was working 3 days ago, I reverted my code thinking that perhaps there was an update to a Gem I was using that may have caused the issue. But it didn't seem to resolve the issue at all.

Has anyone else run into a similar error, and if so, do you know how to fix it? I have already tried multiple suggestions from various StackOverflow posts to no avail (for example, adding "protect_from_forgery with: :null_session" to my application_controller.rb)

Currently, I have the following in my sessions controller:

class SessionsController < ApplicationController
  skip_before_filter :verify_authenticity_token,
                     :if => Proc.new { |c| c.request.format == 'application/json' }

And I have the following line in my application.html.erb

  <%= csrf_meta_tags %>

After some suggestions, I added the following to my application_controller.rb:

 before_filter :cor
  rescue_from ActionController::InvalidAuthenticityToken, :with => :bad_token

 def bad_token
    Rails.logger.debug("session expired!")
  end


  private
  def cor
    headers["Access-Control-Allow-Origin"]  = "*"
    headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE}.join(",")
    headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(",")
    head(:ok) if request.request_method == "OPTIONS"
  end

However, I'm still receive the same error, albeit shorter:

2015-05-13T02:45:26.893689+00:00 app[web.2]: I, [2015-05-13T02:45:26.893643 #6]  INFO -- :   Parameters: {"spin"=>{}, "auth_token"=>"xxx"}
2015-05-13T02:45:26.895581+00:00 app[web.2]: W, [2015-05-13T02:45:26.893966 #6]  WARN -- : Can't verify CSRF token authenticity
2015-05-13T02:45:26.895583+00:00 app[web.2]: I, [2015-05-13T02:45:26.894210 #6]  INFO -- : Completed 200 OK in 0ms (ActiveRecord: 0.0ms)
2015-05-13T02:45:26.728920+00:00 app[web.2]: I, [2015-05-13T02:45:26.728852 #12]  INFO -- : Processing by ProjectsController#create as JSON
2015-05-13T02:45:26.729261+00:00 app[web.2]: W, [2015-05-13T02:45:26.729155 #12]  WARN -- : Can't verify CSRF token authenticity
2015-05-13T02:45:26.729430+00:00 app[web.2]: I, [2015-05-13T02:45:26.729380 #12]  INFO -- : Completed 200 OK in 0ms (ActiveRecord: 0.0ms)
2015-05-13T02:45:26.890043+00:00 app[web.2]: I, [2015-05-13T02:45:26.889933 #6]  INFO -- : Started POST "/spins?auth_token=ArpuyxbDyjtyn67r3JgF" for 76.118.180.235 at 2015-05-13 02:45:26 +0000
2015-05-13T02:45:26.888494+00:00 heroku[router]: at=info method=POST path="/spins?auth_token=ArpuyxbDyjtyn67r3JgF" host=spin360-staging.herokuapp.com request_id=5edd715a-a01d-4558-9aa3-7f2c2c3dc927 fwd="76.118.180.235" dyno=web.2 connect=1ms service=8ms status=200 bytes=324

Upvotes: 11

Views: 18563

Answers (5)

Alex
Alex

Reputation: 368

This often happens especially with the search bots or API calls from another applications or ping services (like pingdom).

For allow cross domain request (if you have API on your website or some another service for external application) you can add this code to your application_controller.rb

# API POST REQUEST ALLOW CROSS DOMAIN
  before_filter :cor
  def cor
    headers["Access-Control-Allow-Origin"]  = "*"
    headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE}.join(",")
    headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(",")
    head(:ok) if request.request_method == "OPTIONS"
  end

If you don't have API, this error may have simple problem with expired session, just add this code to your application_controller.rb

# Resque form for invalid authentificitytoken
  rescue_from ActionController::InvalidAuthenticityToken, :with => :bad_token
  def bad_token
    flash[:warning] = "Session expired"
    redirect_to root_path
  end

In any cases better to add second code to check expired session and doesn't show rails error for user. Showing rails general error when ActionController::InvalidAuthenticityToken confusing people because it is not site error.

Upvotes: 8

Asher Namanya
Asher Namanya

Reputation: 27

I have been working Chatrooms with action cable Rails 5.2 and face the same problem. It appears that this happened on the controller and then I used this:

protect_from_forgery with: :null_session,
    if: Proc.new { |c| c.request.format =~ %r{application/json} }

in the application controller and it worked amazingly.

Upvotes: 0

jkwok
jkwok

Reputation: 111

A little late to the party but if in case anyone else is looking for a solution.

Are you making a POST request to ProjectsController#create? If so try adding 

protect_from_forgery with: :null_session, only: [:create]

to the top of ProjectsController. Functionally it should be the same as skip_before_action :verify_authenticity_token but not sure if you are inheriting from ApplicationController. If you would like to add your Proc check, you can do

protect_from_forgery with: :null_session,
    if: Proc.new { |c| c.request.format =~ %r{application/json} }

Upvotes: 4

vtamara
vtamara

Reputation: 148

Enable cookies in your browser.

I had the same issue by using w3m version 0.5.3 on the distribution adJ of OpenBSD 5.7. The application worked again for me when I enabled cookies to w3m by using the option -cookie:

w3m --cookie http://127.0.0.1:3000

Upvotes: 1

Shahzad Tariq
Shahzad Tariq

Reputation: 2857

We experience same issue and ended up using rack cors gem. It provides lots flexibility.

Simply add this line to Gemfile

gem 'rack-cors', :require => 'rack/cors'

and then run bundle install command. There are many configuration options available. For more details https://github.com/cyu/rack-cors

Upvotes: 3

Related Questions