Reputation: 11107
Can't Authenticate Auth Token When Pushed to Heroku
I have an app that works fine on my localhost. I've set the session_store as this.
Rails.application.config.session_store :cookie_store, key: '_myapp_session', domain: :all
When I push to heroku every POST I make displays Can't verify CSRF token authenticity error in my log. I have no idea why this isn't working. The parameters contain the authenticity token. For some reason the browser doesn't have the updated authenticity token. I'm running Rails 4.2. What could be wrong with this and how do I fix this?
Upvotes: 0
Views: 212
Answers (1)
Reputation: 3255
When using the domain: :all, it looks for a tld (top-level domain) length of 1. This is fine when the domain is "localhost" on your local machine but breaks in the real world.
I would recommend moving this code to an environment specific config file: config/environments/(development|production).rb
Here you can use your existing code for development, but set the actual domain for production.
Upvotes: 1
Related Questions
- Can't verify CSRF token authenticity on Heroku - Rails 7
- Rails ActionController::InvalidAuthenticityToken error Heroku
- Ruby on rails tutorial - chapter 11 - authentication working in dev but not production
- 401 Unauthorized error when making requests to rails api on heroku
- Rails 6 - InvalidAuthenticityToken on Heroku
- Rails API - Error with Admin authorizable in production [heroku]
- devise token auth errors
- Remember Me authenticity token not working rails
- Manually set Authentication token?
- Heroku NoMethod error, remember_token=