 

Invalid Cross Origin Request After Upgrading to Rails 4.1

At some point after I upgraded from Rails 3.2 to Rails 4.1, I started getting the following errors:

ActionController::InvalidCrossOriginRequest: Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript

They mainly come from Internet Explorer 6 or 8 browsers on Windows XP, and never have accompanying user info, even though they're accessing a controller action that is only displayed to signed-in users.

How do I fix this issue or resolve it?

(See also a related issue from before upgrading: Why does Rails Fail to access the Session in an Ajax request from Internet Explorer?)

am-rails asked May 28 '14 02:05


1 Answer

As per "CSRF protection from remote <script> tags" from the Rails guide:

In the case of tests, where you are also doing the client, change from:

get :index, format: :js

To:

xhr :get, :index, format: :js

http://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html#csrf-protection-from-remote-script-tags

In case you want to make this route skip the CSRF check, whitelist the route using something like:

protect_from_forgery :except => :create
JAR.JAR.beans answered Oct 29 '22 02:10
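
The check behind this error, as an added example that is not part of the original answer and not Rails's own code: a simplified, framework-free model of the rule that a plain GET (such as a `<script src>` load) may not receive JavaScript from a protected action, while an XHR GET or an exempted action may. The `ForgeryCheckModel` class, the `Exchange` struct and the sample exchanges are hypothetical names and constructed data.

```ruby
# Simplified model (assumption) of the Rails 4.1 same-origin check for
# JavaScript responses. Class and method names here are hypothetical.
class InvalidCrossOriginRequest < StandardError; end

# Constructed stand-in for a request/response pair.
Exchange = Struct.new(:method, :headers, :response_content_type, :action)

class ForgeryCheckModel
  # except: actions exempted, as with `protect_from_forgery :except => :create`
  def initialize(except: [])
    @except = Array(except).map(&:to_sym)
  end

  # Models request.xhr?: true when X-Requested-With names XMLHttpRequest.
  def xhr?(ex)
    ex.headers.fetch("X-Requested-With", "") =~ /XMLHttpRequest/i ? true : false
  end

  def javascript_response?(ex)
    ex.response_content_type.to_s.start_with?("text/javascript")
  end

  # Returns :allowed, or raises when a plain GET (e.g. a <script src> load)
  # receives JavaScript from a protected action.
  def verify!(ex)
    return :allowed if @except.include?(ex.action.to_sym)
    if ex.method == "GET" && javascript_response?(ex) && !xhr?(ex)
      raise InvalidCrossOriginRequest, "non-XHR GET received JavaScript"
    end
    :allowed
  end

  def blocked?(ex)
    verify!(ex)
    false
  rescue InvalidCrossOriginRequest
    true
  end
end

# Constructed sample exchanges.
SCRIPT_TAG = Exchange.new("GET", {}, "text/javascript; charset=utf-8", :index)
AJAX_CALL  = Exchange.new("GET", { "X-Requested-With" => "XMLHttpRequest" },
                          "text/javascript; charset=utf-8", :index)
HTML_PAGE  = Exchange.new("GET", {}, "text/html; charset=utf-8", :index)

if __FILE__ == $PROGRAM_NAME
  model = ForgeryCheckModel.new
  { script_tag: SCRIPT_TAG, ajax: AJAX_CALL, html: HTML_PAGE }.each do |name, ex|
    puts "#{name}: #{model.blocked?(ex) ? 'blocked' : 'allowed'}"
  end
end
```

An exempted action serves its JavaScript to a script tag on any site, so keep exemptions to the specific actions that need them and keep user-specific data out of those responses.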