10

My Rails app suddenly started giving me the following error:

Can't verify CSRF token authenticity
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

I haven't made any changes to the app, so I'm totally flummoxed as to what's causing this issue. The full error log is below. I took out the authenticity token but have confirmed that the token is valid for the current user (by checking in the console).

2015-05-13T01:44:49.038482+00:00 app[web.1]: I, [2015-05-13T01:44:49.038369 #9]  INFO -- : Started POST "/projects?auth_token=xxx” for 76.118.180.235 at 2015-05-13 01:44:49 +0000
2015-05-13T01:44:49.044865+00:00 app[web.1]: I, [2015-05-13T01:44:49.044762 #9]  INFO -- : Completed 422 Unprocessable Entity in 1ms
2015-05-13T01:44:49.119991+00:00 app[web.1]: I, [2015-05-13T01:44:49.119893 #9]  INFO -- : Processing by SpinsController#create as JSON
2015-05-13T01:44:49.120060+00:00 app[web.1]: I, [2015-05-13T01:44:49.119998 #9]  INFO -- :   Parameters: {"spin"=>{}, "auth_token"=>”xxx”}
2015-05-13T01:44:49.120537+00:00 app[web.1]: W, [2015-05-13T01:44:49.120469 #9]  WARN -- : Can't verify CSRF token authenticity
2015-05-13T01:44:49.122935+00:00 app[web.1]: F, [2015-05-13T01:44:49.122841 #9] FATAL -- : 
2015-05-13T01:44:49.122938+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2015-05-13T01:44:49.122940+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
2015-05-13T01:44:49.122941+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
2015-05-13T01:44:49.122943+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/devise-3.4.1/lib/devise/controllers/helpers.rb:251:in `handle_unverified_request'
2015-05-13T01:44:49.122945+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'
2015-05-13T01:44:49.122946+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:427:in `block in make_lambda'
2015-05-13T01:44:49.122948+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `call'
2015-05-13T01:44:49.122949+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `block in halting'
2015-05-13T01:44:49.122951+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `call'
2015-05-13T01:44:49.122952+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `_run_callbacks'
2015-05-13T01:44:49.043562+00:00 app[web.1]: I, [2015-05-13T01:44:49.043425 #9]  INFO -- : Processing by ProjectsController#create as JSON
2015-05-13T01:44:49.043630+00:00 app[web.1]: I, [2015-05-13T01:44:49.043582 #9]  INFO -- :   Parameters: {"project"=>{"name"=>"New Set"}, "auth_token"=>”xxx”}
2015-05-13T01:44:49.044251+00:00 app[web.1]: W, [2015-05-13T01:44:49.044184 #9]  WARN -- : Can't verify CSRF token authenticity
2015-05-13T01:44:49.047524+00:00 app[web.1]: F, [2015-05-13T01:44:49.047435 #9] FATAL -- : 
2015-05-13T01:44:49.047527+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2015-05-13T01:44:49.047528+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
2015-05-13T01:44:49.122954+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_process_action_callbacks'
2015-05-13T01:44:49.122955+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.122957+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/callbacks.rb:19:in `process_action'
2015-05-13T01:44:49.122959+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rescue.rb:29:in `process_action'
2015-05-13T01:44:49.122961+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
2015-05-13T01:44:49.122962+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `block in instrument'
2015-05-13T01:44:49.122964+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
2015-05-13T01:44:49.047530+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
2015-05-13T01:44:49.047532+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/devise-3.4.1/lib/devise/controllers/helpers.rb:251:in `handle_unverified_request'
2015-05-13T01:44:49.047534+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'
2015-05-13T01:44:49.047535+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:427:in `block in make_lambda'
2015-05-13T01:44:49.122965+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `instrument'
2015-05-13T01:44:49.122968+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
2015-05-13T01:44:49.122969+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
2015-05-13T01:44:49.122971+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
2015-05-13T01:44:49.122973+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/base.rb:137:in `process'
2015-05-13T01:44:49.122975+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionview-4.2.0/lib/action_view/rendering.rb:30:in `process'
2015-05-13T01:44:49.122977+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:195:in `dispatch'
2015-05-13T01:44:49.122979+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
2015-05-13T01:44:49.122981+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:236:in `block in action'
2015-05-13T01:44:49.123001+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `call'
2015-05-13T01:44:49.123002+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
2015-05-13T01:44:49.047537+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `call'
2015-05-13T01:44:49.047538+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `block in halting'
2015-05-13T01:44:49.047540+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `call'
2015-05-13T01:44:49.047541+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `_run_callbacks'
2015-05-13T01:44:49.047543+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_process_action_callbacks'
2015-05-13T01:44:49.047544+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.047546+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/callbacks.rb:19:in `process_action'
2015-05-13T01:44:49.123004+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:42:in `serve'
2015-05-13T01:44:49.123005+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:43:in `block in serve'
2015-05-13T01:44:49.123007+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `each'
2015-05-13T01:44:49.123008+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `serve'
2015-05-13T01:44:49.123009+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:802:in `call'
2015-05-13T01:44:49.123011+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.047547+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rescue.rb:29:in `process_action'
2015-05-13T01:44:49.047549+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
2015-05-13T01:44:49.047550+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `block in instrument'
2015-05-13T01:44:49.047551+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
2015-05-13T01:44:49.047553+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `instrument'
2015-05-13T01:44:49.047554+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
2015-05-13T01:44:49.047555+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
2015-05-13T01:44:49.123012+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.123013+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.123015+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.123022+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/builder.rb:59:in `call'
2015-05-13T01:44:49.123023+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:14:in `_call'
2015-05-13T01:44:49.123025+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:10:in `call'
2015-05-13T01:44:49.123026+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:35:in `block in call'
2015-05-13T01:44:49.123027+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `catch'
2015-05-13T01:44:49.123029+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `call'
2015-05-13T01:44:49.047556+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
2015-05-13T01:44:49.047557+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/base.rb:137:in `process'
2015-05-13T01:44:49.047559+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionview-4.2.0/lib/action_view/rendering.rb:30:in `process'
2015-05-13T01:44:49.047560+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:195:in `dispatch'
2015-05-13T01:44:49.047561+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
2015-05-13T01:44:49.047562+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:236:in `block in action'
2015-05-13T01:44:49.047564+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `call'
2015-05-13T01:44:49.047588+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
2015-05-13T01:44:49.123030+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/etag.rb:24:in `call'
2015-05-13T01:44:49.123031+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/conditionalget.rb:38:in `call'
2015-05-13T01:44:49.123033+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/head.rb:13:in `call'
2015-05-13T01:44:49.123034+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
2015-05-13T01:44:49.047589+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:42:in `serve'
2015-05-13T01:44:49.047590+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:43:in `block in serve'
2015-05-13T01:44:49.047592+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `each'
2015-05-13T01:44:49.047593+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `serve'
2015-05-13T01:44:49.047594+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:802:in `call'
2015-05-13T01:44:49.047595+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.047597+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.047598+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.123035+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/flash.rb:260:in `call'
2015-05-13T01:44:49.123037+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:225:in `context'
2015-05-13T01:44:49.047599+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.047610+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/builder.rb:59:in `call'
2015-05-13T01:44:49.047612+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:14:in `_call'
2015-05-13T01:44:49.047613+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:10:in `call'
2015-05-13T01:44:49.047614+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:35:in `block in call'
2015-05-13T01:44:49.047616+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `catch'
2015-05-13T01:44:49.047617+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `call'
2015-05-13T01:44:49.123038+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:220:in `call'
2015-05-13T01:44:49.123039+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/cookies.rb:560:in `call'
2015-05-13T01:44:49.123041+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/query_cache.rb:36:in `call'
2015-05-13T01:44:49.123042+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/connection_adapters/abstract/connection_pool.rb:647:in `call'
2015-05-13T01:44:49.123044+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
2015-05-13T01:44:49.123045+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `call'
2015-05-13T01:44:49.047618+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/etag.rb:24:in `call'
2015-05-13T01:44:49.047620+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/conditionalget.rb:38:in `call'
2015-05-13T01:44:49.047621+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/head.rb:13:in `call'
2015-05-13T01:44:49.047623+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
2015-05-13T01:44:49.047624+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/flash.rb:260:in `call'
2015-05-13T01:44:49.047625+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:225:in `context'
2015-05-13T01:44:49.047627+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:220:in `call'
2015-05-13T01:44:49.047628+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/cookies.rb:560:in `call'
2015-05-13T01:44:49.123046+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `_run_callbacks'
2015-05-13T01:44:49.123048+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_call_callbacks'
2015-05-13T01:44:49.123049+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.123050+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
2015-05-13T01:44:49.047630+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/query_cache.rb:36:in `call'
2015-05-13T01:44:49.123051+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
2015-05-13T01:44:49.123053+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
2015-05-13T01:44:49.123054+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
2015-05-13T01:44:49.123055+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:38:in `call_app'
2015-05-13T01:44:49.123056+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:22:in `call'
2015-05-13T01:44:49.047631+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/connection_adapters/abstract/connection_pool.rb:647:in `call'
2015-05-13T01:44:49.047632+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
2015-05-13T01:44:49.047633+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `call'
2015-05-13T01:44:49.047635+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `_run_callbacks'
2015-05-13T01:44:49.047636+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_call_callbacks'
2015-05-13T01:44:49.047637+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.047638+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
2015-05-13T01:44:49.123058+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/request_id.rb:21:in `call'
2015-05-13T01:44:49.123059+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/methodoverride.rb:22:in `call'
2015-05-13T01:44:49.123060+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/runtime.rb:18:in `call'
2015-05-13T01:44:49.123062+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
2015-05-13T01:44:49.123063+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/sendfile.rb:113:in `call'
2015-05-13T01:44:49.123064+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/engine.rb:518:in `call'
2015-05-13T01:44:49.123065+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/application.rb:164:in `call'
2015-05-13T01:44:49.047639+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
2015-05-13T01:44:49.047641+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
2015-05-13T01:44:49.047642+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
2015-05-13T01:44:49.047643+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:38:in `call_app'
2015-05-13T01:44:49.047644+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:22:in `call'
2015-05-13T01:44:49.047645+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/request_id.rb:21:in `call'
2015-05-13T01:44:49.047646+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/methodoverride.rb:22:in `call'
2015-05-13T01:44:49.123067+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:576:in `process_client'
2015-05-13T01:44:49.123068+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:670:in `worker_loop'
2015-05-13T01:44:49.123070+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:525:in `spawn_missing_workers'
2015-05-13T01:44:49.123071+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:140:in `start'
2015-05-13T01:44:49.123072+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/bin/unicorn:126:in `<top (required)>'
2015-05-13T01:44:49.123074+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `load'
2015-05-13T01:44:49.123076+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `<main>'
2015-05-13T01:44:49.123078+00:00 app[web.1]: 
2015-05-13T01:44:49.047648+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/runtime.rb:18:in `call'
2015-05-13T01:44:49.123079+00:00 app[web.1]: 
2015-05-13T01:44:49.047649+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
2015-05-13T01:44:49.047650+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/sendfile.rb:113:in `call'
2015-05-13T01:44:49.047651+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/engine.rb:518:in `call'
2015-05-13T01:44:49.047653+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/application.rb:164:in `call'
2015-05-13T01:44:49.047654+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:576:in `process_client'
2015-05-13T01:44:49.047655+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:670:in `worker_loop'
2015-05-13T01:44:49.047656+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:525:in `spawn_missing_workers'
2015-05-13T01:44:49.047657+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:140:in `start'
2015-05-13T01:44:49.047658+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/bin/unicorn:126:in `<top (required)>'
2015-05-13T01:44:49.047660+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `load'
2015-05-13T01:44:49.047661+00:00 app[web.1]:   vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `<main>'

As I'm sure the site was working 3 days ago, I reverted my code thinking that perhaps there was an update to a Gem I was using that may have caused the issue. But it didn't seem to resolve the issue at all.

Has anyone else run into a similar error, and if so, do you know how to fix it? I have already tried multiple suggestions from various StackOverflow posts to no avail (for example, adding "protect_from_forgery with: :null_session" to my application_controller.rb)

Currently, I have the following in my sessions controller:

class SessionsController < ApplicationController
  skip_before_filter :verify_authenticity_token,
                     :if => Proc.new { |c| c.request.format == 'application/json' }

And I have the following line in my application.html.erb

  <%= csrf_meta_tags %>

After some suggestions, I added the following to my application_controller.rb:

  before_filter :cor
  rescue_from ActionController::InvalidAuthenticityToken, :with => :bad_token

  def bad_token
    Rails.logger.debug("session expired!")
  end

  private

  def cor
    headers["Access-Control-Allow-Origin"]  = "*"
    headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE}.join(",")
    headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(",")
    head(:ok) if request.request_method == "OPTIONS"
  end

However, I still receive the same error, albeit shorter:

2015-05-13T02:45:26.893689+00:00 app[web.2]: I, [2015-05-13T02:45:26.893643 #6]  INFO -- :   Parameters: {"spin"=>{}, "auth_token"=>"xxx"}
2015-05-13T02:45:26.895581+00:00 app[web.2]: W, [2015-05-13T02:45:26.893966 #6]  WARN -- : Can't verify CSRF token authenticity
2015-05-13T02:45:26.895583+00:00 app[web.2]: I, [2015-05-13T02:45:26.894210 #6]  INFO -- : Completed 200 OK in 0ms (ActiveRecord: 0.0ms)
2015-05-13T02:45:26.728920+00:00 app[web.2]: I, [2015-05-13T02:45:26.728852 #12]  INFO -- : Processing by ProjectsController#create as JSON
2015-05-13T02:45:26.729261+00:00 app[web.2]: W, [2015-05-13T02:45:26.729155 #12]  WARN -- : Can't verify CSRF token authenticity
2015-05-13T02:45:26.729430+00:00 app[web.2]: I, [2015-05-13T02:45:26.729380 #12]  INFO -- : Completed 200 OK in 0ms (ActiveRecord: 0.0ms)
2015-05-13T02:45:26.890043+00:00 app[web.2]: I, [2015-05-13T02:45:26.889933 #6]  INFO -- : Started POST "/spins?auth_token=ArpuyxbDyjtyn67r3JgF" for 76.118.180.235 at 2015-05-13 02:45:26 +0000
2015-05-13T02:45:26.888494+00:00 heroku[router]: at=info method=POST path="/spins?auth_token=ArpuyxbDyjtyn67r3JgF" host=spin360-staging.herokuapp.com request_id=5edd715a-a01d-4558-9aa3-7f2c2c3dc927 fwd="76.118.180.235" dyno=web.2 connect=1ms service=8ms status=200 bytes=324
scientiffic

5 Answers

8

This often happens, especially with search bots, API calls from other applications, or ping services (like Pingdom).

To allow cross-domain requests (if you have an API on your website or some other service for external applications), you can add this code to your application_controller.rb:

# API POST REQUEST ALLOW CROSS DOMAIN
  before_filter :cor
  def cor
    headers["Access-Control-Allow-Origin"]  = "*"
    headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE}.join(",")
    headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(",")
    head(:ok) if request.request_method == "OPTIONS"
  end

If you don't have an API, this error may simply be a problem with an expired session; just add this code to your application_controller.rb:

# Rescue from invalid authenticity token
  rescue_from ActionController::InvalidAuthenticityToken, :with => :bad_token
  def bad_token
    flash[:warning] = "Session expired"
    redirect_to root_path
  end

In any case, it is better to add the second code to check for an expired session and not show the Rails error to the user. Showing the general Rails error on ActionController::InvalidAuthenticityToken confuses people because it is not a site error.

Paweł Gościcki
Alex
  • Thanks for your advice - I'm actually doing a POST request to my Rails app via an iOS app. I'm wondering how an authentication token even becomes invalid? I will try your suggestions and let you know if they work. – scientiffic May 13 '15 at 02:08
  • 1
    I had the same problems 1 year ago when I tried to post data from my Android app and from external services by API. After I added these 2 methods I have never seen the errors. The auth token has an expiry period, or it can become invalid after a disconnect. – Alex May 13 '15 at 02:14
  • how do you set authentication tokens so they don't expire? – scientiffic May 13 '15 at 02:14
  • I don't do this for real users, I just check if the token has expired. It's not good practice to change the default expiry. For the API authentication system I am using user login and password. – Alex May 13 '15 at 02:17
  • I spoke too soon - actually, this didn't resolve the issue for me. My error messages are shorter now but I'm still not able to process the POST request. I'll update my question with the new error. – scientiffic May 13 '15 at 02:48
  • The second code solves the problem with the InvalidAuthenticityToken error for people. A better way in an API for apps is to use this code in every controller: skip_before_filter :verify_authenticity_token, :only => [:create, :update]. You use protect_from_forgery with: :exception in your application controller, but for APIs you may want to use :null_session instead. – Alex May 13 '15 at 02:58
4

A little late to the party but if in case anyone else is looking for a solution.

Are you making a POST request to ProjectsController#create? If so try adding

protect_from_forgery with: :null_session, only: [:create]

to the top of ProjectsController. Functionally it should be the same as skip_before_action :verify_authenticity_token but not sure if you are inheriting from ApplicationController. If you would like to add your Proc check, you can do

protect_from_forgery with: :null_session,
    if: Proc.new { |c| c.request.format =~ %r{application/json} }
jkwok
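Added example (not code from the question or the answers, and not Rails source): a simplified Ruby model of the `verify_authenticity_token` decision, comparing the three settings that appear on this page (`:exception`, `:null_session`, and skipping the check for JSON) on a token-authenticated API POST like the one in the question's log. `Request`, `API_USERS`, `create_project` and the sample requests are constructed for illustration, and Rails 4.2's per-request token masking is left out.

```ruby
require 'securerandom'

# Constructed request model: verb, format, cookie session, params, headers.
Request = Struct.new(:verb, :format, :session, :params, :headers)

class InvalidAuthenticityToken < StandardError; end

# Hypothetical lookup standing in for the app's auth_token authentication.
API_USERS = { 'constructed-api-token' => 'ios-user' }.freeze

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Simplified check: a non-GET/HEAD request must echo the CSRF token stored in
# its session, either as the authenticity_token param or the X-CSRF-Token header.
def verified_request?(req)
  return true if %w[GET HEAD].include?(req.verb)
  expected = req.session[:_csrf_token]
  return false if expected.nil? # no cookie session, so nothing can match
  supplied = [req.params['authenticity_token'], req.headers['X-CSRF-Token']]
  supplied.compact.any? { |token| secure_compare(token, expected) }
end

# Returns the session the controller action will see under each setting.
#   :exception     - protect_from_forgery with: :exception
#   :null_session  - protect_from_forgery with: :null_session
#   :skip_for_json - skip_before_filter :verify_authenticity_token for JSON,
#                    with :exception still applied to every other format
def session_after_protection(req, strategy)
  return req.session if strategy == :skip_for_json && req.format == :json
  return req.session if verified_request?(req)
  strategy == :null_session ? {} : raise(InvalidAuthenticityToken)
end

# Stand-in for ProjectsController#create: the caller is authenticated either
# by the cookie session or by the auth_token parameter.
def create_project(req, strategy)
  session = session_after_protection(req, strategy)
  user = session[:user] || API_USERS[req.params['auth_token']]
  user ? [201, user] : [401, nil]
rescue InvalidAuthenticityToken
  [422, nil]
end

CSRF = SecureRandom.base64(32).freeze

# Constructed sample requests.
# 1. Native client: auth_token parameter, no cookie session, no CSRF token.
IOS_POST = Request.new('POST', :json, {},
                       { 'auth_token' => 'constructed-api-token' }, {})
# 2. POST carrying only a logged-in cookie session, without the CSRF token.
COOKIE_ONLY_POST = Request.new('POST', :json,
                               { user: 'web-user', _csrf_token: CSRF }, {}, {})
# 3. Same-site browser POST that echoes the token in X-CSRF-Token.
BROWSER_POST = Request.new('POST', :json,
                           { user: 'web-user', _csrf_token: CSRF }, {},
                           { 'X-CSRF-Token' => CSRF })

if __FILE__ == $PROGRAM_NAME
  samples = { 'ios client' => IOS_POST, 'cookie only' => COOKIE_ONLY_POST,
              'browser' => BROWSER_POST }
  samples.each do |name, req|
    %i[exception null_session skip_for_json].each do |strategy|
      status, user = create_project(req, strategy)
      puts "#{name.ljust(12)} #{strategy.to_s.ljust(14)} -> #{status} #{user.inspect}"
    end
  end
end
```

In this model `:null_session` lets the token-authenticated client through and treats a request that carries only a session cookie as anonymous, while skipping the filter leaves that cookie session trusted.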
3

We experienced the same issue and ended up using the rack-cors gem. It provides lots of flexibility.

Simply add this line to Gemfile

gem 'rack-cors', :require => 'rack/cors'

and then run the bundle install command. There are many configuration options available. For more details, see https://github.com/cyu/rack-cors

Shahzad Tariq
1

Enable cookies in your browser.

I had the same issue when using w3m version 0.5.3 on the adJ distribution of OpenBSD 5.7. The application worked again for me when I enabled cookies in w3m by using the option -cookie:

w3m -cookie http://127.0.0.1:3000
Machavity
vtamara
  • I wonder why the downvote. The situation I described solved the problem for me in the context explained. – vtamara Jul 18 '16 at 08:56
  • I just upvoted, because it is what happened on a project I was working on. I haven't finished looking, but I think that cookies off might pass a null session id? – benc Aug 20 '16 at 02:56
0

I have been working on chatrooms with Action Cable in Rails 5.2 and faced the same problem. It appears that this happened in the controller, and then I used this:

protect_from_forgery with: :null_session,
    if: Proc.new { |c| c.request.format =~ %r{application/json} }

in the application controller and it worked amazingly.

double-beep