Sprachprofi

Reputation: 1259

CSRF issue on embedded form

I have a WordPress site that embeds some elements of a Ruby on Rails site (which is our Members Area and is located on a subdomain). The elements include a login form. When people use it, Rails returns an error due to an invalid CSRF token. Do I have to disable CSRF for the login action? What are my options? If the answer is to disable it, then is there a painless way to do so for Devise?

Upvotes: 0

Views: 229

Answers (1)

Cillian Collins

Reputation: 728

Do not disable the CSRF token for security purposes. Instead, look through the code and identify where the CSRF token is originating from, usually the DB, and then you can create a variable with that token value and echo it into a field within the form in question with the specific CSRF token parameter that PHP is expecting.

Upvotes: 0
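
Why the embedded login form is rejected, as an added example (not part of the original posts and not Rails source code): a simplified Ruby model of a session-bound, masked CSRF token. The helper names and the sample sessions are assumptions made for illustration.

```ruby
# Simplified model of a session-bound, masked CSRF token (added example, not Rails source).
require "securerandom"

TOKEN_LENGTH = 32

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Comparison that does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The real token is created once per visitor session and kept in that session.
def real_token(session)
  session[:_csrf_token] ||= SecureRandom.random_bytes(TOKEN_LENGTH)
end

# Every rendered form carries a freshly masked copy of the same session token.
def masked_token(session)
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  [pad + xor_bytes(pad, real_token(session))].pack("m0")
end

# Verification unmasks the submitted value and compares it with the token of
# the session identified by the cookie that arrived with the request.
def valid_token?(session, submitted)
  raw = submitted.to_s.unpack1("m0")
  return false unless raw.bytesize == TOKEN_LENGTH * 2
  pad = raw.byteslice(0, TOKEN_LENGTH)
  masked = raw.byteslice(TOKEN_LENGTH, TOKEN_LENGTH)
  secure_equal?(xor_bytes(pad, masked), real_token(session))
rescue ArgumentError # submitted value was not valid base64
  false
end

# Constructed scenario: three ways the embedded form can reach the login action.
def demo
  visitor_session = {} # session behind the visitor's cookie (hypothetical)
  other_session   = {} # any other session, e.g. one the token was copied from
  { no_token:        valid_token?(visitor_session, nil),
    foreign_session: valid_token?(visitor_session, masked_token(other_session)),
    same_session:    valid_token?(visitor_session, masked_token(visitor_session)) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

In this model the form only verifies when the token it carries was issued for the same session as the cookie the browser sends with the POST.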
