Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Rails 5.2 some controller actions gives InvalidAuthenticityToken

Tags:

csrf

ruby-on-rails-5.2

Previously I used a gem which provided a controller for accepting external services to POST some data into our app. However in Rails 5.2 it stopped working. When the endpoint is triggered, it raises ActionController::InvalidAuthenticityToken error.

like image 770
lulalala Avatar asked Jan 29 '23 16:01

lulalala

1 Answers

For Rails before 5.2, the generated ApplicationController will call protect_from_forgery, meaning POST,PUT,DELETE actions are checked for authenticity.

New Rails 5.2 projects will by default check authenticity token for any subclass of ActionController::Base instead, which affects many existing Gems.

You can wait for the gem updates for compatibility with 5.2.

Alternatively, you can probably monkey patch these controllers in the initializer:

require 'foo_controller'
class FooController < ActionController::Base
  skip_before_action :verify_authenticity_token, raise: false
end
like image 55
lulalala Avatar answered Feb 26 '23 01:02

lulalala
Sign in to Comment

Related questions

Howto prevent spoofed posting to a PHP like/unlike system
Preventing crf attacks on ajax requests in asp.net web forms
Correctly set headers for Laravel 5 CSRF Token
What are some examples where programmers might want to use csrf_exempt?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!