Menu
Updated:
Problem solved
I just had to put protect_from_forgery in the Users controller. Thanks to all.
Rails 4.0.2
When I try to create a new record in the users table i get this message in browser:
ActionController::InvalidAuthenticityToken in UsersController#create
ActionController::InvalidAuthenticityToken
But it happens in Chrome(32.0.1700.107) and Opera(12.16) browsers. In Firefox(27.0.1) and IE 10.0.13 all works fine. Maybe it does not matter, but i have to say that also i use has_secure_password(bcrypt_ruby).
Rails Log:
...
Started POST "/users" for 127.0.0.1 at 2014-02-19 10:26:05 +0400
Processing by UsersController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"93jpgxCSY3XzZkIJKraOodyObBoaPoPMVz3RiOVBL10=", "user"=>{"name"=>"", "surname"=>"", "patronymic"=>"", "email"=>"", "address"=>"", "phone"=>"", "phone2"=>"", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Создать пользователя"}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 2ms
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
actionpack (4.0.2) lib/action_controller/metal/request_forgery_protection.rb:163:in `handle_unverified_request'
actionpack (4.0.2) lib/action_controller/metal/request_forgery_protection.rb:170:in `handle_unverified_request'
actionpack (4.0.2) lib/action_controller/metal/request_forgery_protection.rb:177:in `verify_authenticity_token'
...
View file users/new.html.slim:
= stylesheet_link_tag 'users'
.new_user_container
= form_for @user do |f|
= f.label "Имя"
br
= f.text_field :name
br
= f.label "Фамилия"
br
= f.text_field :surname
br
= f.label "Отчество"
br
= f.text_field :patronymic
br
= f.label "Пароль"
br
= f.text_field :password
br
= f.label "Подтверждение пароля"
br
= f.text_field :password_confirmation
br
br
= f.submit "Создать пользователя"
279
We get this error when the controller detects that we have not properly passed a CSRF (Cross Site Request Forgery) token in with a POST , PUT , PATCH , or DELETE request.
The authenticity token is designed so that you know your form is being submitted from your website. It is generated from the machine on which it runs with a unique identifier that only your machine can know, thus helping prevent cross-site request forgery attacks.
I just had to put protect_from_forgery in the Users controller. Thanks to all.
class UsersController < ApplicationController
protect_from_forgery
def index
#@users = User.all.includes(:roles)
@users = User.all
end
def show
end
def new
@user = User.new
end
def create
@user = User.new user_params
puts @user.errors.inspect
if @user.save
flash[:notice] = "Пользователь удачно создан"
redirect_to :users
else
flash[:notice] = "Пользователь не создан"
render file: :'users/user_error'
end
flash["notice"] = "Test notice"
#redirect_to :users
end
end
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With