In my rails app I'm getting "WARNING: Can't verify CSRF token authenticity" on an ajax post to an api.
app/views/layouts/application.html.haml :
!!!
%html
%head
= stylesheet_link_tag "application", :media => "all"
= javascript_include_tag "application"
= csrf_meta_tags
%body
= yield
ajax post :
$.ajax({ url: '#{card_credits_path}',
type: 'POST',
beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', '#{form_authenticity_token}')},
dataType: "json",
data: { credit_uri: response.data.uri,
email: $('#email:hidden').val(),
name: $('.name').val()
},
success: function(randomobject) {
window.location = '/';
},
error: function(){
console.log("Card information is wrong!");
}
});
Assuming you've set the CSRF token using the Rails csrf_meta_tag
tag, the request's token will be available in the csrf-token
meta tag:
<meta content="u-n-i-q-u-e-t-o-k-e-n" name="csrf-token" />
Since you're using jQuery, you can pass the token to your AJAX request by invoking the following value for the beforeSend
key:
function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With