Rails 4 + omniauth facebook - csrf detected

Question

I am working on my RoR4 app to enable users to login via existing facebook account. I registered a facebook app (a live and tested version) and stored its api and secret in development.rb. I used omniauth-facebook and devise gems and encountered an "Csrf detected" problem.

My application's code is highy inspired from this blogpost: http://sourcey.com/rails-4-omniauth-using-devise-with-twitter-facebook-and-linkedin/

I did see a solution from a stackoverflow post dated 2 years ago (Rails + omniauth + facebook - csrf detected) - but latest omniauth-facebook version is much greater than the one posted. Either way, I tried to roll back to omniauth-facebook gem to version 1.4.1 and I still encountered this problem.

Gems

oauth2 (1.0.0)
omniauth (1.2.2)
omniauth-facebook (2.0.1)
omniauth-oauth2 (1.3.1)

Ideas?

Errors log

(facebook) Callback phase initiated.
(facebook) Callback phase initiated.
(facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

Answer 1

I have similar issue with device and omniauth-facebook, but it was my mistake.

Previously I have added facebook app id and secrets in both device.rb and omniauth.rb initializer (Both are initializers in config/initializers folder ). I removed these facebook configurations from omniauth.rb and restarted server, and It works.

Please check your device.rb and and other omniauth related initializers.

May be it work..