Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Ruby on Rails Invalid Authenticity Token when using IE

well for some strange reason IE gives me and InvalidAuthenticityToken error almost every time a POST query is used. Seems to be that IE does not like the "/" and "=" characters sometimes found in authenticity_token. So I wondered if anyone has actually found a solution to this?

More strange is that no other browser seems to behave that way.

Thanks in advance.

like image 688
Jaan J Avatar asked Mar 11 '10 12:03

Jaan J


People also ask

How do I fix invalid authenticity token?

This error can be due to corrupted cookie in your browser. Clear your browsers cache and cookies, restart the browser and try to log in.

How authenticity token works in Rails?

When the user submits the form, Rails looks for the authenticity_token , compares it to the one stored in the session, and if they match the request is allowed to continue. Since the authenticity token is stored in the session, the client cannot know its value.


1 Answers

Same problem here with a rails application launched in an iframe I get:

"the change you wanted was rejected"

In log:

ActionController::InvalidAuthenticityToken

Seems that the problem occur in IE when you are developing in an iframe situation where the master page is at a different domain than the inner page. (es: iframed Facebook applications)

This is because IE's default "medium" privacy setting has an issue with cookies in that situation.

A possible solution is to set a P3P header (try to google: p3p iframe internet explorer) Example, in application_controller.rb:

before_filter  :set_p3p

def set_p3p
  response.headers["P3P"]='CP="CAO PSA OUR"'
end

It works in my case.

Best Regards

Reference: http://duanesbrain.blogspot.com/2007/11/facebook-ie-and-iframes.html

like image 160
tucano Avatar answered Sep 28 '22 09:09

tucano