rails protect_from_forgery raises with exception

Asked 21/1, 2015 at 5:13 Answered 21/1, 2015 at 5:22

I have Rails project which is working on production. But on localhost it raises on every POST request with ActionController::InvalidAuthenticityToken. I know what is it. AuthToken is protection from csrf attacks. I have in my application_controller.rb

protect_from_forgery with: :exception #this line raise exception

and csrf_meta_tags present. I have no any problems in other Rails projects with it.

If I remove param with: :exception session will reset after reloading page.

what is the problem?

Towhee answered 21/1, 2015 at 5:13 Comment(0)

Problem solved!

Project has config in config/environments/development.rb

Rails.application.routes.default_url_options[:host] = 'my_project.dev:3000'

I tried to load project on localhost:3000, but url was my_project.dev:3000.

Towhee answered 21/1, 2015 at 5:22 Comment(0)

Can you try this

protect_from_forgery with: :null_session

Nicholnichola answered 21/1, 2015 at 5:21 Comment(1)

this param resets session. protect_from_forgery has param with: :null_session by default. – Towhee 21/1, 2015 at 5:24

Problem solved!

Project has config in config/environments/development.rb

Rails.application.routes.default_url_options[:host] = 'my_project.dev:3000'

I tried to load project on localhost:3000, but url was my_project.dev:3000.

Towhee answered 21/1, 2015 at 5:22 Comment(0)

Recommended topics

Hot tags