I'm on Rails

So I was messing around with my cookies and I might have deleted some important ones related to CSRF. Now whenever I submit a form on my app I get: ActionController::InvalidAuthenticityToken

When I dig around in these requests it looks like this is why I am getting these errors.

When I actually debug through my request I get different values for form_authenticity_token and request.headers['X-CSRF-Token'] but I have no idea why.

It seems like request.headers['X-CSRF-Token'] is the one that actually matches the meta tag on my page (and hidden field tag in the form) and it's form_authenticity_token that is incorrect.

Any thoughts?

goddamnyouryan

1 Answer

So, weirdly enough, the reason I was seeing this was totally unrelated to anything else I thought I was seeing.

I had added this line to config/initializers/assets.rb

Rails.application.config.assets.prefix = ''

because on my production app I am using a CDN and it's mapped to http://assets.mydomain.com and I didn't want it to resolve to http://assets.mydomain.com/assets/myasset.js

Unfortunately on production it looks like it was causing this issue, weirdly enough.

goddamnyouryan
  • 1
    Oh my god, I could kiss you right now... You have no idea how many days of my life I've lost to this bug. I've delved deep into the Rails and Rack source code (and learnt a hell of a lot), but I doubt I would have figured that one out on my own. – Jules Copeland Oct 04 '14 at 01:48
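
An added example (not part of the thread, and a simplified model rather than Rails' own code) of the check behind ActionController::InvalidAuthenticityToken: the raw token lives in the session, and in Rails versions that mask tokens every rendered value differs, so a submitted token has to be unmasked before it is compared. The function names, result symbols and sessions below are hypothetical and constructed for illustration.

```ruby
require "securerandom"
require "base64"

TOKEN_LENGTH = 32 # bytes in the raw per-session token (assumed default)

# XOR two equal-length byte strings.
def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# The raw token is stored in the session and created lazily on first use.
def real_csrf_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(TOKEN_LENGTH)
  Base64.strict_decode64(session[:_csrf_token])
end

# What one render emits: one-time pad + (pad XOR raw); differs on every call.
def masked_token(session)
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  Base64.strict_encode64(pad + xor_bytes(pad, real_csrf_token(session)))
end

# Recover the raw token from a submitted value; nil if it is malformed.
def unmask(submitted)
  bytes = Base64.strict_decode64(submitted.to_s)
  return bytes if bytes.bytesize == TOKEN_LENGTH # unmasked form
  return nil unless bytes.bytesize == TOKEN_LENGTH * 2
  xor_bytes(bytes[0, TOKEN_LENGTH], bytes[TOKEN_LENGTH, TOKEN_LENGTH])
rescue ArgumentError
  nil
end

# Classify a submission against the session the server sees on this request.
def diagnose(session, submitted)
  return :no_session_token if session[:_csrf_token].nil?
  raw = unmask(submitted)
  return :malformed_token if raw.nil?
  expected = real_csrf_token(session)
  # Constant-time comparison: accumulate differences instead of exiting early.
  diff = raw.bytes.zip(expected.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }
  diff.zero? ? :valid : :token_from_other_session
end

# Constructed demo: the page is rendered in one session, then submitted
# once with that session intact and once after the session cookie was lost.
rendering_session = {}
meta_tag = masked_token(rendering_session)
puts diagnose(rendering_session, meta_tag)
puts diagnose({}, meta_tag)
```

A result other than `:valid` for a token that matches the page's meta tag points at the session seen on the submitting request, not at the form markup.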