I've discovered that using a domain such as foo.bar.uk.com causes Rails to throw an ActionController::InvalidAuthenticityToken when submitting any forms.
foo.bar.co.uk and foo.bar.co.com work, but for some reason foo.bar.uk.com throws the error.
Is there a list of acceptable domain/TLDs somewhere?
It also throws the error on foo.bar.eu.com
Update:
removing:
:domain => :all
from:
MyApp::Application.config.session_store :cookie_store, key: '_my_session', :domain => :all
allows the form to submit, but it doesn't fix login (i.e. other cookie-related functionality).
Rails gets confused when your project is deployed in a domain that contains more than one TLD. In Rails 3, if that's what you're using, you have to change the file config/initializers/session_store.rb.
Rails.application.config.session_store :cookie_store, {
  key: 'YOUR KEY, THIS VALUE IS ALREADY DEFINED',
  domain: '.co.uk'
}
Hope it helps
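An added example, not part of the question or the answer above: a small model of how `domain: :all` picks the cookie's Domain attribute, run over the hosts from the question. With the default pattern, foo.bar.uk.com and foo.bar.eu.com resolve to `.uk.com` and `.eu.com`, both of which are on the Public Suffix List, so browsers refuse to store the session cookie and the CSRF token check fails; Rails' `tld_length` option widens the match to the registrable domain. Assumptions: `DEFAULT_PATTERN` is reproduced from memory of Rails 3's cookie jar, and `cookie_domain_for` and `report` are hypothetical helper names.

```ruby
# Model of how a `domain: :all` session cookie gets its Domain attribute.
# DEFAULT_PATTERN is an assumption: it is reproduced from memory of the
# pattern Rails 3's ActionDispatch cookie jar uses when no tld_length is set.
DEFAULT_PATTERN = /[^.]*\.([^.]*|..\...|...\...)$/

# Hypothetical helper: returns the Domain value the cookie would carry,
# or nil when the host is a bare IP address (host-only cookie).
def cookie_domain_for(host, tld_length: nil)
  # With tld_length: N, the last N dot-separated labels form the domain.
  pattern = tld_length ? /([^.]+\.?){#{tld_length}}$/ : DEFAULT_PATTERN
  return nil if host =~ /\A[\d.]+\z/
  match = pattern.match(host)
  match && ".#{match[0]}"
end

# Hosts taken from the question.
HOSTS = %w[foo.bar.co.uk foo.bar.co.com foo.bar.uk.com foo.bar.eu.com].freeze

# Derived cookie domain per host, with the default pattern and tld_length: 3.
def report(hosts = HOSTS)
  hosts.map do |host|
    { host: host,
      default: cookie_domain_for(host),
      tld3: cookie_domain_for(host, tld_length: 3) }
  end
end

report.each do |row|
  puts format("%-16s default=%-12s tld_length:3=%s",
              row[:host], row[:default], row[:tld3])
end
```

In the application itself the equivalent setting is `domain: :all, tld_length: 3` in the `session_store` call, which scopes the cookie to `.bar.uk.com` instead of the shared suffix.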