I'm having a problem with logging in that I didn't have before. Up until today I was able to log in with no issues. Suddenly, when I try to log in I get:
ActionController::InvalidAuthenticityToken
def handle_unverified_request
  raise ActionController::InvalidAuthenticityToken
end
Here's the development log:
Processing by RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"kLm2udi5jHmIQbva2h1HH9IExxFo1qt/p1u9UTjtBQaeHr/23gcrSfTyJdRvhIKYJWh/MyUbSY2zf0vHU8qA9A==", "user"=>{"first_name"=>"John", "last_name"=>"Mack", "username"=>"johnmack", "email"=>"john@mack.com", "password"=>"[FILTERED]", "avatar_cache"=>""}, "commit"=>"Sign up"}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
actionpack (4.2.1) lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
actionpack (4.2.1) lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
devise (3.4.1) lib/devise/controllers/helpers.rb:251:in `handle_unverified_request'
actionpack (4.2.1) lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'
Up until a couple hours ago I had no trouble logging in and out. I've tried clearing browser data, logging in from multiple browsers, restarting the server, dropping and recreating the db, and reverting my code back to what it was two days ago. I get the same error.
I'm using Rails 4.2 and Devise 3.
Is there something I'm missing here?
Thank you.
I ended up tracing the issue to how I was setting the session store to enable cross subdomain authentication. Originally I had this:
HeartbeatPods::Application.config.session_store :cookie_store, key: '_Heartbeat-pods_session', domain: ENV["HEARTBEAT_HOSTNAME"], tld_length: 2
I changed it to this:
if Rails.env.production?
  Rails.application.config.session_store :cookie_store, key: '_Heartbeat-pods_session', domain: :all
else
  Rails.application.config.session_store :cookie_store, key: '_Heartbeat-pods_session'
end
The original solution supported cross subdomain auth on my local system but ended up borking. The updated solution only supports cross subdomain auth on the production setup.
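One way a `session_store` domain setting can produce this error, shown as an added example that is not code from the post: Rails keeps the CSRF token in the session, so if the browser discards the session cookie because its Domain does not cover the host being visited, the next POST arrives with an empty session and verification fails. The host names and domains are constructed placeholders, and the model is simplified (no token masking, no public-suffix check).

```ruby
require "securerandom"

# RFC 6265 section 5.1.3 domain-match: may a response from `host` set a cookie
# carrying this Domain attribute? (Public-suffix rejection is not modelled.)
def domain_match?(host, cookie_domain)
  host   = host.downcase
  domain = cookie_domain.downcase.sub(/\A\./, "") # a leading dot is ignored
  return false if domain.empty?
  return true  if host == domain
  # Suffix matching applies to host names only, never to IP literals.
  return false if host.match?(/\A[\d.]+\z/) || host.include?(":")
  host.end_with?(".#{domain}")
end

# A nil domain means a host-only cookie, which the browser always keeps.
def session_cookie_stored?(host, configured_domain)
  configured_domain.nil? || domain_match?(host, configured_domain)
end

# Simplified model of "GET the form, then POST it" with a cookie-backed session.
# Returns :ok or :invalid_authenticity_token.
def submit_form(host, configured_domain)
  server_session = { csrf_token: SecureRandom.base64(32) } # set while rendering the form
  form_token     = server_session[:csrf_token]             # hidden authenticity_token field
  # Browser side: the session cookie survives only if its Domain covers the host.
  browser_cookie = session_cookie_stored?(host, configured_domain) ? server_session : nil
  # POST: without the cookie the server starts from an empty session.
  session = browser_cookie || {}
  session[:csrf_token] == form_token ? :ok : :invalid_authenticity_token
end

# Constructed cases (assumed values, not taken from the post).
CASES = [
  ["app.heartbeat.test", "heartbeat.test"], # domain covers the host
  ["localhost",          "heartbeat.test"], # domain does not cover the host
  ["localhost",          nil]               # no domain option at all
].freeze

CASES.each do |host, domain|
  puts format("%-20s domain=%-18s %s", host, domain.inspect, submit_form(host, domain))
end
```

To check a real setup, compare the `Domain` attribute on the `Set-Cookie` response header with the host in the address bar, then confirm the session cookie is actually sent back on the POST.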