
InvalidAuthenticityToken in Rails 5 behind Nginx using SSL

I've got a really weird issue with Rails 5 (beta1) and it's preventing me from safely submitting any forms.

When running in production mode behind an Nginx (1.4.6 on Ubuntu 12.04) reverse proxy which decrypts SSL, Rails is rejecting my CSRF tokens, saying they are invalid despite the fact that the correct token is being submitted by the form.

Everything works fine when I turn SSL off in Nginx.

Any help would be appreciated.

asked Jan 07 '16 12:01

tpbowden


1 Answer

Fix by adding more headers in Nginx (X-Forwarded-Ssl on, X-Forwarded-Port 443, X-Forwarded-Host "your hostname" and X-Forwarded-Proto https). The problem was actually in the new way CSRF tokens are checked by ActionController (it compares the request.base_url with the Origin header).

answered Nov 03 '22 19:11

tpbowden
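
The mismatch described in the answer, as an added example that is not part of the original post and is not Rails or Rack source: a simplified model of how a backend behind a TLS-terminating proxy derives its base URL from forwarded headers and compares it with the browser's Origin. The host `app.example.test`, the header-precedence rules and the function names are assumptions made for illustration.

```ruby
# Simplified model (an assumption, not Rails or Rack source) of how a backend
# derives its base URL from the headers a TLS-terminating proxy forwards.
DEFAULT_PORTS = { "http" => 80, "https" => 443 }.freeze

def derived_base_url(headers)
  scheme = if headers["X-Forwarded-Ssl"] == "on"
             "https"
           else
             headers.fetch("X-Forwarded-Proto", "http").split(",").first.strip
           end
  host_header = headers["X-Forwarded-Host"] || headers.fetch("Host")
  host, host_port = host_header.split(":", 2)
  port = (headers["X-Forwarded-Port"] || host_port || DEFAULT_PORTS.fetch(scheme)).to_i
  # Default ports are left out of the URL, as browsers do in Origin.
  suffix = port == DEFAULT_PORTS[scheme] ? "" : ":#{port}"
  "#{scheme}://#{host}#{suffix}"
end

# The origin check the answer describes: a missing Origin passes,
# otherwise it must equal the derived base URL exactly.
def origin_check_passes?(headers)
  origin = headers["Origin"]
  origin.nil? || origin == derived_base_url(headers)
end

# Constructed requests for the placeholder host app.example.test.
BROWSER = { "Origin" => "https://app.example.test" }.freeze

# Proxy forwards only Host: the backend believes it is served over plain HTTP.
BARE_PROXY = BROWSER.merge("Host" => "app.example.test").freeze

# Proxy forwards the four headers listed in the answer.
FIXED_PROXY = BARE_PROXY.merge(
  "X-Forwarded-Ssl" => "on",
  "X-Forwarded-Port" => "443",
  "X-Forwarded-Host" => "app.example.test",
  "X-Forwarded-Proto" => "https"
).freeze

if __FILE__ == $PROGRAM_NAME
  [["bare", BARE_PROXY], ["fixed", FIXED_PROXY]].each do |name, h|
    puts "#{name}: base_url=#{derived_base_url(h)} pass=#{origin_check_passes?(h)}"
  end
end
```

In Nginx these headers are set with `proxy_set_header` in the proxied location; set them to fixed values at the proxy rather than passing through whatever the client sent.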