stackoom
  简体   繁体   中英

InvalidAuthenticityToken in Rails 5 behind Nginx using SSL

 原文  2016-01-07 12:47:54       ruby-on-rails/ ssl/ cookies/ nginx/ ruby-on-rails-5

Question

I've got a really weird issue with Rails 5 (beta1) and it's preventing me from safely submitting any forms.

When running in production mode behind an Nginx (1.4.6 on Ubuntu 12.04) reverse proxy which decrypts SSL, Rails is rejecting my CSRF tokens saying they are invalid despite the fact that the correct token is being submit by the form.

Everything works fine when I turn SSL off in Nginx.

Any help would be appreciated.

1 answers

solution1
 16 ACCPTED  2016-01-08 10:30:57

Fix by adding more headers in Nginx ( X-Forwarded-Ssl on , X-Forwarded-Port 443 and X-Forwarded-Host "your hostname" , X-Forwarded-Proto https ). The problem was actually in the new way CSRF tokens are checked by ActionController (compares the request.base_url with the origin header)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ActionController::InvalidAuthenticityToken at login using NGINX and Rails Rails 5 ActionController::InvalidAuthenticityToken on Production Enviroment Nginx Rails 4: InvalidAuthenticityToken Force ssl for logged in users in rails using nginx ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): Rails 5 SSL rails nginx ActionController::InvalidAuthenticityToken in ruby on rails HTTPS for Rails Application - InvalidAuthenticityToken Rails 5 InvalidAuthenticityToken Coffeescript ActionController::InvalidAuthenticityToken in rails 4
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM