verify_authenticity_token has not been defined

C

5

32

Ruby version 2.2.4, Rails version 5.0.0.1.

I'm getting stuck at a part of a tutorial where you test login with curl. I get an error

ArgumentError (Before process_action callback: verify_authenticity_token has not been defined).

I used this code in sessions_controller:

skip_before_action :verify_authenticity_token, :if => Proc.new { |c| c.request.format == 'application/json' }

Does somebody know the answer?

Caldron answered 31/8, 2016 at 22:49 Comment(5)

check if verify_authenticit_token exists in your project and change it to verify_authenticity_token – Headon 1/9, 2016 at 8:58

Sorry this is not the problem. I forgot the "y" of the word by creating this question. I correct it, thanks – Caldron 1/9, 2016 at 9:28

by the way, in my full project, nowhere is verify_authenticity_token defined. But how and where can I define this method? Is it not in a gem? – Caldron 1/9, 2016 at 9:29

does somebody else has an idea, why I get this Error: ArgumentError (Before process_action callback: verify_authenticity_token has not been defined) ? – Caldron 3/9, 2016 at 1:15

Be sure to not invoke this skip_before_action until protect_from_forgery has been called. Just move it under that in your application controller. – Strengthen 14/7, 2020 at 0:55

C

37

Check if your ApplicationController has a call to protect_from_forgery as follows:

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
end

Essentially calling protect_from_forgery adds verify_authenticity_token to the before_filter list, which you can skip in the other controllers.

Refer to protect_from_forgery documentation for more info.

Couperin answered 5/9, 2016 at 8:9 Comment(0)

P

25

After upgrading to Rails 5, I hit this error. I discovered that if skip_before_action is called multiple times with the same method name, this exception will be raised.

My fix was to add the parameter raise: false, to the second time skip_before_filter was called.

So it would look like this in the Application Controller:

skip_before_action :your_method_name, raise: false

Plutonium answered 7/1, 2018 at 7:20 Comment(0)

K

5

After upgrading to Rails 5 and deploying to Heroku I hit this error. I could not reproduce it in development.

In the API docs the example is given

class ApplicationController < ActionController::Base
  protect_from_forgery unless: -> { request.format.json? }
end

For me, adding the unless: -> { request.format.json? } like the above fixed my stack bomb. raise: false unfortunately did not.

Karmen answered 21/2, 2019 at 21:31 Comment(1)

Hi, did that allow unauthenticated access to other routes tho? or does it affect other things? – Backswept 6/8, 2020 at 17:16

B

1

I fixed it by setting: config.action_controller.default_protect_from_forgery = true in config/application.rb

Bremen answered 10/8, 2021 at 5:57 Comment(0)

L

0

Just ran into a similar issue and none of these solutions worked for me.

Background: I was re-naming models and controllers to keep the code DRY, I reviewed the files and found that I missed re-naming one of the controllers i.e. the class name was updated but not the file name.

Solution: Update the controller name to match the new class name.

Moral of the story: Cross to 't's and dot you 'i's.

Lindseylindsley answered 25/7, 2022 at 15:56 Comment(0)

Recommended topics

Hot tags