CSRF Rejected in Production

Question

CSRF Rejected in Production

Closed this issue 6 years ago · 0 comments

Describe the bug
In production environment, all requests are being rejected due to CSRF token being rejected by Heroku. This is due to current setup.

Additional context
This is a possible solution for the problem, but comes with extra cost http://til.obiefernandez.com/posts/875a2a69af-cloudflare-flexible-ssl-mode-breaks-rails-5-csrf