Can't verify CSRF token authenticity in the production side using heroku

Question

I have a blog application in ruby on rails which is finely working in the development side. But when I try to deploy it into the heroku I am getting the Can't verify CSRF token authenticity and Completed 401 Unauthorized error in the heroku log while creating a new post in my application.I also seen many previously asked questions and included protect_from_forgery with: :null_session. But the error is same. How to resolve it. I have included the git repository for your reference.git repository of my application

score 1 · Answer 1 · answered Sep 07 '18 at 04:59

1

Add below line in controller .

skip_before_action :verify_authenticity_token

You can need to add action in which problem is coming

:only/:except - Only apply forgery protection to a subset of actions.

For example only: [ :create, :create_all ]

answered Sep 07 '18 at 04:59

Bodh1004

309
3
9

In which controller i need to give this – Praveen R Sep 07 '18 at 05:00
you need to put it in `posts_controller.rb`. – Kedarnag Mukanahallipatna Sep 07 '18 at 05:04
controller in which there is problem . – Bodh1004 Sep 07 '18 at 05:04
okay I will try that – Praveen R Sep 07 '18 at 05:09
Do i need to add forgery protection for post create alone?? – Praveen R Sep 07 '18 at 05:10
@KedarnagMukanahallipatna okay – Praveen R Sep 07 '18 at 05:12
@BodharthLonkar I have given that now i can create a post but when i try to delete a post it is rendering to the post show page.Also the post is not deleted. – Praveen R Sep 07 '18 at 05:30
What error its showing in logs ? – Bodh1004 Sep 07 '18 at 05:42
It is not showing any error in log – Praveen R Sep 07 '18 at 05:50
I just rendering to the show page.Not only for deleting the post the same is obtained for deleting a topic and comment. – Praveen R Sep 07 '18 at 05:52
@BodharthLonkar Whenever I try to delete a topic/post/comment it is redirected to the respective show pages – Praveen R Sep 07 '18 at 05:53
@PraveenR can you try below code in `rails c`: `Post.last.destroy` and let me know what happens. – Bodh1004 Sep 07 '18 at 06:56
@PraveenR You can vote my answer if it works for you. Thanks ! – Bodh1004 Sep 07 '18 at 06:56
Should I need to delete it using console – Praveen R Sep 07 '18 at 06:58
@BodharthLonkar I used it but in the console it is fine and the post is successfully deleted. whereas in production environment I am facing the same issue – Praveen R Sep 07 '18 at 07:00
@PraveenR : Try on production rails console . – Bodh1004 Sep 07 '18 at 07:05
okay I will try – Praveen R Sep 07 '18 at 07:06
How to run production console – Praveen R Sep 07 '18 at 07:08
@PraveenR : heroku run rails console --sandbox – Bodh1004 Sep 07 '18 at 07:13
@BodharthLonkar Now it is deleted successfully in console – Praveen R Sep 07 '18 at 07:15
this doesn't resolve issue, this make application vulnerable. – Roman Kiselenko Sep 07 '18 at 07:44
But when I delete a post it is redirecting to the show page how to resolve it @Зелёный – Praveen R Sep 07 '18 at 07:52
@Зелёный Also the question is different from that you have mentioned – Praveen R Sep 07 '18 at 07:53

Can't verify CSRF token authenticity in the production side using heroku

1 Answers1