Reputation: 417
"Can't verify CSRF token authenticity" after new build on Heroku (Rails)
Just after a new deploy all POST request started throwing error 422 and "Can't verify CSRF token authenticity."
I rolled back to previous deploy and worked. I suspected an error on the code base (all thou nothing looked strange). So reverted to the exact same code as the build that worked. Push again but didn't help.
Have tried:
- Build exact same code as the las deploy that worked.
- Different browsers, incognito modes, errase cookies
- Change SECRET_KEY_BASE
- Restart server
Any advise apreciated.
Using rails 5.0.7.2
Upvotes: 1
Views: 631
Answers (1)
Reputation: 417
It was Rails5 + Heroku + CloudFlare as explained here:
http://til.obiefernandez.com/posts/875a2a69af-cloudflare-flexible-ssl-mode-breaks-rails-5-csrf
"The solution is simple. Make sure you have working SSL and HTTPS on Heroku (or wherever you're serving your Rails application.) Turn Cloudflare SSL to Full mode. Problem solved."
Upvotes: 0
Related Questions
- Rails: Can't verify CSRF token authenticity
- Can't verify CSRF token authenticity on Heroku - Rails 7
- csrf_meta_tags and form_for generate invalid base64 on Heroku
- Heroku/Rails/Devise: The change you wanted was rejected
- Rails/Heroku/Cloudflare: Can't verify CSRF token authenticity after domain change
- Can't verify CSRF token authenticity Rails 4.1
- Rails 3.2.15 "Can't verify CSRF token authenticity" although token exists
- Rails Can't verify CSRF token authenticity on Heroku/production only
- Can't Authenticate Auth Token When Pushed to Heroku
- Rails 3 : Can't verify CSRF token authenticity