I can see the authenticity_token in the form parameters when I post yet I am getting this error message:

```
Started POST "/helloasdf/destroy_task?id=29" for 127.0.0.1 at 2017-08-19 21:12:14 -0400
Processing by TaskController#destroy_task as JS
  Parameters: {"authenticity_token"=>"XXXX", "id"=>"29", "task_url"=>"helloasdf"}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)
```

(I changed the token to XXXX).

What exactly is the problem or what am I doing wrong?

My ApplicationController has:

```ruby
class ApplicationController < ActionController::Base
  # Raise an exception when the CSRF token cannot be verified
  protect_from_forgery with: :exception
end
```

Blankman
  • This question has already been answered in this StackOverflow post: [rails can't verify csrf token authenticity when making a post request](https://stackoverflow.com/questions/35181340/rails-cant-verify-csrf-token-authenticity-when-making-a-post-request) – Stephane Paquet Aug 20 '17 at 03:16

2 Answers

This happened to me a while back, and I just couldn't figure out why it all out of the blue started throwing this error as soon as I tried to write something. After about 5 hours of debugging I realised that I had blocked cookies for localhost:3000, and a wild guess is that you probably have too.

Crashtor

Another guess, assuming you use the application/x-www-form-urlencoded content type, is that you are not properly escaping the token - as it is base64 encoded, it can contain a plus (+) sign, which will be interpreted as a space and will fail the authenticity check.

Check also this answer: Rails 3 Authenticity tokens: How to prevent it from using spaces? (although despite what the question says, a simple encodeURIComponent() of the token should also suffice)

Kostas Stamos
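
The failure mode described in the answer above, as an added example that is not part of the original post: an unescaped base64 token loses its `+` characters in form decoding, while `encodeURIComponent()` preserves it. The token is a constructed sample, the function names are hypothetical, and `URLSearchParams` is assumed here as a stand-in for the server's form decoder.

```javascript
// Constructed sample token (not a real Rails token); base64 may contain '+', '/' and '='.
const SAMPLE_TOKEN = "q3+Zk/9xT0a+Bv1hY2RlZmdoaWprbG1ub3A=";

// Failure mode: token concatenated into the form body without escaping.
function buildBodyUnescaped(token, id) {
  return "authenticity_token=" + token + "&id=" + id;
}

// Fix suggested in the answer: percent-encode the value with encodeURIComponent().
function buildBodyEscaped(token, id) {
  return "authenticity_token=" + encodeURIComponent(token) +
         "&id=" + encodeURIComponent(id);
}

// Assumption: URLSearchParams stands in for the server's form decoder.
// Like any application/x-www-form-urlencoded parser, it turns '+' into a space.
function decodeToken(body) {
  return new URLSearchParams(body).get("authenticity_token");
}

// Debugging aid: classify a token value as it appears in the request log.
function diagnoseToken(received) {
  const isBase64 = (s) => /^[A-Za-z0-9+/]+={0,2}$/.test(s) && s.length % 4 === 0;
  if (isBase64(received)) return "ok";
  // A space is never valid base64; if restoring '+' repairs it, the sender forgot to escape.
  if (received.includes(" ") && isBase64(received.replace(/ /g, "+"))) {
    return "unescaped-plus";
  }
  return "malformed";
}

const broken = decodeToken(buildBodyUnescaped(SAMPLE_TOKEN, "29"));
const intact = decodeToken(buildBodyEscaped(SAMPLE_TOKEN, "29"));
console.log(JSON.stringify(broken), diagnoseToken(broken));
console.log(JSON.stringify(intact), diagnoseToken(intact));
```

Running `diagnoseToken` on the `authenticity_token` value shown in the server's `Parameters:` log line tells you whether escaping is the cause before you look at cookies or sessions.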