stackoom
  简体   繁体   中英

Rails 5 ActionController::InvalidAuthenticityToken on Production Enviroment Nginx

 原文  2019-05-07 14:47:52       ruby-on-rails/ ssl/ nginx/ ruby-on-rails-5

Question

On Rails 5.2, SSL enviroment, running as reverse_proxy with Nginx, whenever I submit a form I get the error:

HTTP Origin header ( https://agro2business.com.br ) didn't match request.base_url ( https://agro2business.com.br , agro2business.com.br)

Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken)

I'd read about configuring params and Nginx for passing on headers in another StackOverflow questions but no luck so far. My nginx config file:

proxy_pass http://localhost:4000 ; }

location / { 

  proxy_pass http://localhost:4000; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Real-Port $server_port; proxy_set_header X-Real-Scheme $scheme; proxy_set_header X-NginX-Proxy true; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; }

Why is Rails trying to compare the header with two values?

request.base_url ( https://agro2business.com.br , agro2business.com.br)

1 answers

solution1
 0 ACCPTED  2019-05-12 05:37:16

My problem was that in my nginx config I was setting header Host two times and this was causing url generation misleadings, which in turn was invalidating form submissions. 

  proxy_pass http://localhost:4000;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        **proxy_set_header Host $http_host;**
        proxy_redirect off;
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        **proxy_set_header Host $http_host;**
        proxy_set_header X-Real-Port $server_port;
        proxy_set_header X-Real-Scheme $scheme;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;

Just removing one the two proxy_set_header Host $http_host; did the trick

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): Rails 5 ActionController::InvalidAuthenticityToken at login using NGINX and Rails Rails Error: ActionController::InvalidAuthenticityToken Rails: ActionController::InvalidAuthenticityToken Rails 5.2 ActionController::InvalidAuthenticityToken Rails 6 - constant ActionController::InvalidAuthenticityToken ActionController::InvalidAuthenticityToken in ruby on rails ActionController::InvalidAuthenticityToken in rails 4 Rails 5 ActionController::InvalidAuthenticityToken error Intermittent Rails 5 ActionController::InvalidAuthenticityToken
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM