Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Rails: Can't verify CSRF token authenticity

Tags:

ruby

ruby-on-rails

authenticity-token

csrf

devise

My Rails app suddenly started giving me the following error:

Can't verify CSRF token authenticity
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

I haven't made any changes to the app, so I'm totally flummoxed as to what's causing this issue. The full error log is below. I took out the authenticity token but have confirmed that the token is valid for the current user (by checking in the console).

2015-05-13T01:44:49.038482+00:00 app[web.1]: I, [2015-05-13T01:44:49.038369 #9]  INFO -- : Started POST "/projects?auth_token=xxx” for 76.118.180.235 at 2015-05-13 01:44:49 +0000
2015-05-13T01:44:49.044865+00:00 app[web.1]: I, [2015-05-13T01:44:49.044762 #9]  INFO -- : Completed 422 Unprocessable Entity in 1ms
2015-05-13T01:44:49.119991+00:00 app[web.1]: I, [2015-05-13T01:44:49.119893 #9]  INFO -- : Processing by SpinsController#create as JSON
2015-05-13T01:44:49.120060+00:00 app[web.1]: I, [2015-05-13T01:44:49.119998 #9]  INFO -- :   Parameters: {"spin"=>{}, "auth_token"=>”xxx”}
2015-05-13T01:44:49.120537+00:00 app[web.1]: W, [2015-05-13T01:44:49.120469 #9]  WARN -- : Can't verify CSRF token authenticity
2015-05-13T01:44:49.122935+00:00 app[web.1]: F, [2015-05-13T01:44:49.122841 #9] FATAL -- : 
2015-05-13T01:44:49.122938+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2015-05-13T01:44:49.122940+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
2015-05-13T01:44:49.122941+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
2015-05-13T01:44:49.122943+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/devise-3.4.1/lib/devise/controllers/helpers.rb:251:in `handle_unverified_request'
2015-05-13T01:44:49.122945+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'
2015-05-13T01:44:49.122946+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:427:in `block in make_lambda'
2015-05-13T01:44:49.122948+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `call'
2015-05-13T01:44:49.122949+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `block in halting'
2015-05-13T01:44:49.122951+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `call'
2015-05-13T01:44:49.122952+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `_run_callbacks'
2015-05-13T01:44:49.043562+00:00 app[web.1]: I, [2015-05-13T01:44:49.043425 #9]  INFO -- : Processing by ProjectsController#create as JSON
2015-05-13T01:44:49.043630+00:00 app[web.1]: I, [2015-05-13T01:44:49.043582 #9]  INFO -- :   Parameters: {"project"=>{"name"=>"New Set"}, "auth_token"=>”xxx”}
2015-05-13T01:44:49.044251+00:00 app[web.1]: W, [2015-05-13T01:44:49.044184 #9]  WARN -- : Can't verify CSRF token authenticity
2015-05-13T01:44:49.047524+00:00 app[web.1]: F, [2015-05-13T01:44:49.047435 #9] FATAL -- : 
2015-05-13T01:44:49.047527+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2015-05-13T01:44:49.047528+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
2015-05-13T01:44:49.122954+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_process_action_callbacks'
2015-05-13T01:44:49.122955+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.122957+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/callbacks.rb:19:in `process_action'
2015-05-13T01:44:49.122959+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rescue.rb:29:in `process_action'
2015-05-13T01:44:49.122961+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
2015-05-13T01:44:49.122962+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `block in instrument'
2015-05-13T01:44:49.122964+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
2015-05-13T01:44:49.047530+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
2015-05-13T01:44:49.047532+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/devise-3.4.1/lib/devise/controllers/helpers.rb:251:in `handle_unverified_request'
2015-05-13T01:44:49.047534+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'
2015-05-13T01:44:49.047535+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:427:in `block in make_lambda'
2015-05-13T01:44:49.122965+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `instrument'
2015-05-13T01:44:49.122968+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
2015-05-13T01:44:49.122969+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
2015-05-13T01:44:49.122971+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
2015-05-13T01:44:49.122973+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/base.rb:137:in `process'
2015-05-13T01:44:49.122975+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionview-4.2.0/lib/action_view/rendering.rb:30:in `process'
2015-05-13T01:44:49.122977+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:195:in `dispatch'
2015-05-13T01:44:49.122979+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
2015-05-13T01:44:49.122981+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:236:in `block in action'
2015-05-13T01:44:49.123001+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `call'
2015-05-13T01:44:49.123002+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
2015-05-13T01:44:49.047537+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `call'
2015-05-13T01:44:49.047538+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `block in halting'
2015-05-13T01:44:49.047540+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `call'
2015-05-13T01:44:49.047541+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `_run_callbacks'
2015-05-13T01:44:49.047543+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_process_action_callbacks'
2015-05-13T01:44:49.047544+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.047546+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/callbacks.rb:19:in `process_action'
2015-05-13T01:44:49.123004+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:42:in `serve'
2015-05-13T01:44:49.123005+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:43:in `block in serve'
2015-05-13T01:44:49.123007+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `each'
2015-05-13T01:44:49.123008+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `serve'
2015-05-13T01:44:49.123009+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:802:in `call'
2015-05-13T01:44:49.123011+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.047547+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rescue.rb:29:in `process_action'
2015-05-13T01:44:49.047549+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
2015-05-13T01:44:49.047550+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `block in instrument'
2015-05-13T01:44:49.047551+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
2015-05-13T01:44:49.047553+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `instrument'
2015-05-13T01:44:49.047554+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
2015-05-13T01:44:49.047555+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
2015-05-13T01:44:49.123012+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.123013+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.123015+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.123022+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/builder.rb:59:in `call'
2015-05-13T01:44:49.123023+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:14:in `_call'
2015-05-13T01:44:49.123025+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:10:in `call'
2015-05-13T01:44:49.123026+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:35:in `block in call'
2015-05-13T01:44:49.123027+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `catch'
2015-05-13T01:44:49.123029+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `call'
2015-05-13T01:44:49.047556+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
2015-05-13T01:44:49.047557+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/base.rb:137:in `process'
2015-05-13T01:44:49.047559+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionview-4.2.0/lib/action_view/rendering.rb:30:in `process'
2015-05-13T01:44:49.047560+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:195:in `dispatch'
2015-05-13T01:44:49.047561+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
2015-05-13T01:44:49.047562+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:236:in `block in action'
2015-05-13T01:44:49.047564+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `call'
2015-05-13T01:44:49.047588+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
2015-05-13T01:44:49.123030+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/etag.rb:24:in `call'
2015-05-13T01:44:49.123031+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/conditionalget.rb:38:in `call'
2015-05-13T01:44:49.123033+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/head.rb:13:in `call'
2015-05-13T01:44:49.123034+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
2015-05-13T01:44:49.047589+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:42:in `serve'
2015-05-13T01:44:49.047590+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:43:in `block in serve'
2015-05-13T01:44:49.047592+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `each'
2015-05-13T01:44:49.047593+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `serve'
2015-05-13T01:44:49.047594+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:802:in `call'
2015-05-13T01:44:49.047595+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.047597+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.047598+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.123035+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/flash.rb:260:in `call'
2015-05-13T01:44:49.123037+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:225:in `context'
2015-05-13T01:44:49.047599+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.047610+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/builder.rb:59:in `call'
2015-05-13T01:44:49.047612+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:14:in `_call'
2015-05-13T01:44:49.047613+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:10:in `call'
2015-05-13T01:44:49.047614+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:35:in `block in call'
2015-05-13T01:44:49.047616+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `catch'
2015-05-13T01:44:49.047617+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `call'
2015-05-13T01:44:49.123038+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:220:in `call'
2015-05-13T01:44:49.123039+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/cookies.rb:560:in `call'
2015-05-13T01:44:49.123041+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/query_cache.rb:36:in `call'
2015-05-13T01:44:49.123042+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/connection_adapters/abstract/connection_pool.rb:647:in `call'
2015-05-13T01:44:49.123044+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
2015-05-13T01:44:49.123045+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `call'
2015-05-13T01:44:49.047618+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/etag.rb:24:in `call'
2015-05-13T01:44:49.047620+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/conditionalget.rb:38:in `call'
2015-05-13T01:44:49.047621+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/head.rb:13:in `call'
2015-05-13T01:44:49.047623+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
2015-05-13T01:44:49.047624+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/flash.rb:260:in `call'
2015-05-13T01:44:49.047625+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:225:in `context'
2015-05-13T01:44:49.047627+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:220:in `call'
2015-05-13T01:44:49.047628+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/cookies.rb:560:in `call'
2015-05-13T01:44:49.123046+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `_run_callbacks'
2015-05-13T01:44:49.123048+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_call_callbacks'
2015-05-13T01:44:49.123049+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.123050+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
2015-05-13T01:44:49.047630+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/query_cache.rb:36:in `call'
2015-05-13T01:44:49.123051+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
2015-05-13T01:44:49.123053+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
2015-05-13T01:44:49.123054+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
2015-05-13T01:44:49.123055+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:38:in `call_app'
2015-05-13T01:44:49.123056+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:22:in `call'
2015-05-13T01:44:49.047631+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/connection_adapters/abstract/connection_pool.rb:647:in `call'
2015-05-13T01:44:49.047632+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
2015-05-13T01:44:49.047633+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `call'
2015-05-13T01:44:49.047635+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `_run_callbacks'
2015-05-13T01:44:49.047636+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_call_callbacks'
2015-05-13T01:44:49.047637+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.047638+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
2015-05-13T01:44:49.123058+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/request_id.rb:21:in `call'
2015-05-13T01:44:49.123059+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/methodoverride.rb:22:in `call'
2015-05-13T01:44:49.123060+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/runtime.rb:18:in `call'
2015-05-13T01:44:49.123062+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
2015-05-13T01:44:49.123063+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/sendfile.rb:113:in `call'
2015-05-13T01:44:49.123064+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/engine.rb:518:in `call'
2015-05-13T01:44:49.123065+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/application.rb:164:in `call'
2015-05-13T01:44:49.047639+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
2015-05-13T01:44:49.047641+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
2015-05-13T01:44:49.047642+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
2015-05-13T01:44:49.047643+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:38:in `call_app'
2015-05-13T01:44:49.047644+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:22:in `call'
2015-05-13T01:44:49.047645+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/request_id.rb:21:in `call'
2015-05-13T01:44:49.047646+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/methodoverride.rb:22:in `call'
2015-05-13T01:44:49.123067+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:576:in `process_client'
2015-05-13T01:44:49.123068+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:670:in `worker_loop'
2015-05-13T01:44:49.123070+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:525:in `spawn_missing_workers'
2015-05-13T01:44:49.123071+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:140:in `start'
2015-05-13T01:44:49.123072+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/bin/unicorn:126:in `<top (required)>'
2015-05-13T01:44:49.123074+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `load'
2015-05-13T01:44:49.123076+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `<main>'
2015-05-13T01:44:49.123078+00:00 app[web.1]: 
2015-05-13T01:44:49.047648+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/runtime.rb:18:in `call'
2015-05-13T01:44:49.123079+00:00 app[web.1]: 
2015-05-13T01:44:49.047649+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
2015-05-13T01:44:49.047650+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/sendfile.rb:113:in `call'
2015-05-13T01:44:49.047651+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/engine.rb:518:in `call'
2015-05-13T01:44:49.047653+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/application.rb:164:in `call'
2015-05-13T01:44:49.047654+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:576:in `process_client'
2015-05-13T01:44:49.047655+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:670:in `worker_loop'
2015-05-13T01:44:49.047656+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:525:in `spawn_missing_workers'
2015-05-13T01:44:49.047657+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:140:in `start'
2015-05-13T01:44:49.047658+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/bin/unicorn:126:in `<top (required)>'
2015-05-13T01:44:49.047660+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `load'
2015-05-13T01:44:49.047661+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `<main>'

As I'm sure the site was working 3 days ago, I reverted my code thinking that perhaps there was an update to a Gem I was using that may have caused the issue. But it didn't seem to resolve the issue at all.

Has anyone else run into a similar error, and if so, do you know how to fix it? I have already tried multiple suggestions from various StackOverflow posts to no avail (for example, adding "protect_from_forgery with: :null_session" to my application_controller.rb)

Currently, I have the following in my sessions controller:

class SessionsController < ApplicationController
  skip_before_filter :verify_authenticity_token,
                     :if => Proc.new { |c| c.request.format == 'application/json' }

And I have the following line in my application.html.erb

  <%= csrf_meta_tags %>

After some suggestions, I added the following to my application_controller.rb:

 before_filter :cor
  rescue_from ActionController::InvalidAuthenticityToken, :with => :bad_token

 def bad_token
    Rails.logger.debug("session expired!")
  end


  private
  def cor
    headers["Access-Control-Allow-Origin"]  = "*"
    headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE}.join(",")
    headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(",")
    head(:ok) if request.request_method == "OPTIONS"
  end

However, I'm still receive the same error, albeit shorter:

2015-05-13T02:45:26.893689+00:00 app[web.2]: I, [2015-05-13T02:45:26.893643 #6]  INFO -- :   Parameters: {"spin"=>{}, "auth_token"=>"xxx"}
2015-05-13T02:45:26.895581+00:00 app[web.2]: W, [2015-05-13T02:45:26.893966 #6]  WARN -- : Can't verify CSRF token authenticity
2015-05-13T02:45:26.895583+00:00 app[web.2]: I, [2015-05-13T02:45:26.894210 #6]  INFO -- : Completed 200 OK in 0ms (ActiveRecord: 0.0ms)
2015-05-13T02:45:26.728920+00:00 app[web.2]: I, [2015-05-13T02:45:26.728852 #12]  INFO -- : Processing by ProjectsController#create as JSON
2015-05-13T02:45:26.729261+00:00 app[web.2]: W, [2015-05-13T02:45:26.729155 #12]  WARN -- : Can't verify CSRF token authenticity
2015-05-13T02:45:26.729430+00:00 app[web.2]: I, [2015-05-13T02:45:26.729380 #12]  INFO -- : Completed 200 OK in 0ms (ActiveRecord: 0.0ms)
2015-05-13T02:45:26.890043+00:00 app[web.2]: I, [2015-05-13T02:45:26.889933 #6]  INFO -- : Started POST "/spins?auth_token=ArpuyxbDyjtyn67r3JgF" for 76.118.180.235 at 2015-05-13 02:45:26 +0000
2015-05-13T02:45:26.888494+00:00 heroku[router]: at=info method=POST path="/spins?auth_token=ArpuyxbDyjtyn67r3JgF" host=spin360-staging.herokuapp.com request_id=5edd715a-a01d-4558-9aa3-7f2c2c3dc927 fwd="76.118.180.235" dyno=web.2 connect=1ms service=8ms status=200 bytes=324
like image 295
scientiffic Avatar asked May 13 '15 01:05

scientiffic

1 Answers

This often happens especially with the search bots or API calls from another applications or ping services (like pingdom).

For allow cross domain request (if you have API on your website or some another service for external application) you can add this code to your application_controller.rb

# API POST REGUEST ALLOW CROSS DOMAIN
  before_filter :cor
  def cor
    headers["Access-Control-Allow-Origin"]  = "*"
    headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE}.join(",")
    headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(",")
    head(:ok) if request.request_method == "OPTIONS"
  end

If you don't have API, this error may have simple problem with expired session, just add this code to your application_controller.rb

# Resque form for invalid authentificitytoken
  rescue_from ActionController::InvalidAuthenticityToken, :with => :bad_token
  def bad_token
    flash[:warning] = "Session expired"
    redirect_to root_path
  end

In any cases better to add second code to check expired session and doesn't show rails error for user. Showing rails general error when ActionController::InvalidAuthenticityToken confusing people because it is not site error.

like image 112
Alex Avatar answered Sep 21 '22 05:09

Alex
Sign in to Comment

Related questions

Rails – Custom Resource Routes
Rails Migration Change vs Up & Down methods
Setting up to invoke form helpers from Rails console
Empty (but working) show method on controller generated via scaffolding?
JSON Decode Parameter Issue
Docker, can't reach "rails server" development from localhost:3000 using docker flag -p 3000:3000
Gitlab won't send email - omnibus Gitlab CentOS 6.5
Does using migrations with Rails/Mongoid/MongoDB make sense?
Rails Associations with Modules
RubyMine Errors
How to specify facebook graph API version while using devise and omniauth-facebook
No such file or directory - identify with Mini Magick
SSH and -bash: fork: Cannot allocate memory VPS Ubuntu
Strip time zone part from Time in Ruby
How to remove relationship in Neo4jRB 3.0?
RSpec/Capybara testing have_selector conundrum
How do you access an object's (ActiveRecord::Relation) value by key in Ruby on Rails?
Log full stacktrace in rails including all gems
Alter response.body in Rack Middleware
Checking if an attribute changed after commit in Rails

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!