Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Rails Ajax Can't verify CSRF token Authenticity

In my rails app I'm getting "WARNING: Can't verify CSRF token authenticity" on an ajax post to an api.

app/views/layouts/application.html.haml :

!!!
%html
  %head
    = stylesheet_link_tag "application", :media => "all"
    = javascript_include_tag "application"
    = csrf_meta_tags
  %body
    = yield

ajax post :

$.ajax({ url: '#{card_credits_path}',
 type: 'POST',
 beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', '#{form_authenticity_token}')},
 dataType: "json",
 data: { credit_uri: response.data.uri,
         email: $('#email:hidden').val(),
         name: $('.name').val()
       },
success: function(randomobject) {
   window.location = '/';
   },
error: function(){
   console.log("Card information is wrong!");
   }
});
like image 514
Alain Goldman Avatar asked Jan 22 '14 03:01

Alain Goldman


1 Answers

Assuming you've set the CSRF token using the Rails csrf_meta_tag tag, the request's token will be available in the csrf-token meta tag:

<meta content="u-n-i-q-u-e-t-o-k-e-n" name="csrf-token" />

Since you're using jQuery, you can pass the token to your AJAX request by invoking the following value for the beforeSend key:

function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))}
like image 176
zeantsoi Avatar answered Sep 28 '22 02:09

zeantsoi