InvalidAuthenticityToken on Rails 5.2.0

Question

InvalidAuthenticityToken on Rails 5.2.0

Closed this issue 7 years ago · 4 comments

When setting up Griddler with a Rails 5.2.0 app it's expecting the CSRF token to be provided with the request. I'm not sure if this was an issue introduced by this release of Rails but I can't find other references to it on this repo.

INFO -- : [XXX] Started POST "/email_processor" for XXX.XXX.XXX.XXX at 2018-04-11 23:58:23 +0000
INFO -- : [XXX] Processing by Griddler::EmailsController#create as */*
WARN -- : [XXX] Can't verify CSRF token authenticity.
INFO -- : [XXX] Completed 422 Unprocessable Entity in 0ms (ActiveRecord: 0.0ms)

I've subclassed the controller in order to add the skip_before_action to get it working - but is this something you would consider adding to the gem itself?

Answer 1 · 2018-04-12T04:12:03.000Z

Just noticed this in the new_framework_defaults_5_2.rb file that ships with Rails 5.2.0, so I suspect this issue was introduced in this new version.

# Add default protection from forgery to ActionController::Base instead of in
# ApplicationController.
# Rails.application.config.action_controller.default_protect_from_forgery = true

Answer 2 · 2018-04-22T14:39:36.000Z

Can confirm this, seeing the same here, even with

Rails.application.config.action_controller.default_protect_from_forgery = false

Answer 3 · 2018-04-22T14:50:48.000Z

I do not have a griddler instance in production on any Rails v5 applications. If someone can fix this and push a PR that'd be awesome. Otherwise, not sure I'm going to have time anytime soon to look into it.

Answer 4 · 2018-04-22T23:49:01.000Z

Made a quick PR for this - the build is failing but looks like master was already failing anyway.