Getting ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken) error for devise sign in and sign up
Question
I know there are so many posts related to this error but still...
I am getting following error while sign in / sign up for devise. (2 days back it is working fine able to sing in / up.)
Feb 02 22:16:12 myapp app/web.1: Processing by Devise::SessionsController#create as HTML
Feb 02 22:16:12 myapp app/web.1: Parameters: {"utf8"=>"✓", "authenticity_token"=>"d0R529vsmCovMKZk1RC9ioxfVHivvVGKxPFvNkEUqVId08qPMDRN0lu9yULIAaTJR+p1oOXyg8QsE+PdZx4CHg==", "user"=>{"app_name"=>"tempo", "email"=>"xyz@vision.com", "password"=>"[FILTERED]"}, "commit"=>"submit"}
Feb 02 22:16:12 myapp app/web.1: Can't verify CSRF token authenticity
Feb 02 22:16:12 myapp app/web.1: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
Feb 02 22:16:12 myapp app/web.1: vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.1/lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
Feb 02 22:16:12 myapp app/web.1: vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.1/lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
Feb 02 22:16:12 myapp app/web.1: vendor/bundle/ruby/2.2.0/gems/devise-3.5.6/lib/devise/controllers/helpers.rb:257:in `handle_unverified_request'
Feb 02 22:16:12 myapp app/web.1: vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.1/lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'
I am getting this error for the production application which is hosted on the Heroku.
I have a staging app (Which is also hosted on the heroku and have same code base) and it is working fine.
I am able to login and sign up on it.
I have referred the following links but getting the same issue
Rails facebook app returns 422 " the change u wanted was rejected" error
devise user sign_in gives authentication error for CSRF token authenticity token
rails - "WARNING: Can't verify CSRF token authenticity" for json devise requests
https://github.com/plataformatec/devise/issues/2734
I am using rails 4 for the same.
EDIT
I have tired following solutions
- Removed
protect_from_forgeryfrom the application controller - Checked
csrf_meta_tagspresent or not in the layout and it is present. - Also checked
authenticity_tokenfrom the form. You can find my submitted form details in the log trace. Added following in application controller
skip_before_filter :verify_authenticity_token, if: :devise_controller?
2 answers
solution1
2 ACCPTED 2016-02-03 10:15:53
It is the network issue. Our network administrator made few changes in the firewall that's why it caused the issue. It also affect on the other sites
solution2
1 2016-02-03 08:08:26
This could be a couple of things...
1. You forgot to add the <%= csrf_meta_tags %> inside your layout file
<!DOCTYPE html>
<html>
<head>
<title>Sample</title>
<%= stylesheet_link_tag "application", media: "all", "data-turbolinks-track" => true %>
<%= javascript_include_tag "application", "data-turbolinks-track" => true %>
<%= csrf_meta_tags %>
</head>
<body>
<%= yield %>
</body>
</html>
2. You need to set protect_from_forgery to the following:
Simply declaring protect_from_forgery without a :with argument will utilize :null_session by default:
protect_from_forgery # Same as above
3. The author of Devise suggests disabling protect_from_forgery on the particular controller action that's raising this exception:
# app/controllers/users/registrations_controller.rb
class RegistrationsController < Devise::RegistrationsController
skip_before_filter :verify_authenticity_token, :only => :create
end
4. You need to add the following line to your form
<%= hidden_field_tag :authenticity_token, form_authenticity_token -%>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.