
I'm running an app in development mode with Rails 5.2 hosted on a remote nginx server. When I try to Post or Delete a record using Firefox or Microsoft Edge, everything works fine, but when I use Chrome I get the 'ActionController::InvalidAuthenticityToken' error from Rails.

I have been researching this issue for the past few hours and haven't been able to find anyone who is having the same issue as me. Everything works fine locally, but when I push the changes to my remote (development) server I run into some issues.

Rails 5 ActionController::InvalidAuthenticityToken error and ActionController::InvalidAuthenticityToken

Referencing the above two questions I added the following code to my application_controller.rb

skip_before_action :verify_authenticity_token
protect_from_forgery prepend: true, with: :exception

However the errors persist.

Application Controller

#application_controller.rb
class ApplicationController < ActionController::Base
  skip_before_action :verify_authenticity_token
  protect_from_forgery prepend: true, with: :exception
end

Form which results in errors after being submitted

<%= form_for service_line_item, url: services_edit_line_item_path(service_line_item_id: service_line_item.id), html: {class: 'collapse services-form edit-service-line-item-form'} do |f| %>
  <p>
    <%= f.label :title, name: "Title" %>
    <%= f.text_field :title, placeholder: service_line_item.title %>
    <br>
    <%= f.label :body, name: "Body" %>
    <%= f.text_field :body, placeholder: service_line_item.body %>
    <%= f.submit "change" %>
  </p>
<% end %>

My app is configured to be accessed through the subdirectory 'zoom'. This nginx block redirects traffic to my rails server.

location /zoom {
   proxy_pass http://localhost:3000;
}

This is the output from the server's log

Started POST "/zoom/services/new-line-item?service_id=2&service_type=2" for 127.0.0.1 at 2019-01-25 22:55:42 +0000
Processing by ServicesController#new_line_item as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"6t1vC2dqnJ7QQO8+6+U06YP9TJE93rf0wDzXOar2WkeOj+DLKKpBMihz0NzrSiliE5gsZ1WDPXu5E3tQn9GXlw==", "service_line_item"=>{"title"=>"a", "body"=>""}, "commit"=>"create", "service_id"=>"2", "service_type"=>"2"}
HTTP Origin header (https://dev.mysite.com) didn't match request.base_url (http://localhost:3000)
Completed 422 Unprocessable Entity in 0ms (ActiveRecord: 0.0ms)

I don't want to disable CSRF protection, but I'm not sure how to bypass this error without doing so. It's very strange to me why Firefox and Microsoft Edge work and not Chrome. Any help would be very much appreciated.

Jordan Lagan
Since you are using nginx, you could try using unix sockets instead of a proxy_pass to the localhost url. Capistrano even has default recipes to set all the config for you if you use puma as the rails server. I think it will work better. No idea why it works for other browsers and not chrome though. – arieljuod Jan 26 '19 at 02:12
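
The log line in the question shows the origin check failing because the proxied request reaches Rails as http://localhost:3000. The Ruby sketch below is an added example, not part of the original post and not Rails source: it models that check under simplifying assumptions (single-valued headers only; `base_url`, `origin_check` and the `CASES` header sets are constructed for illustration).

```ruby
# Added example: simplified model of the Rails origin check
# (forgery_protection_origin_check). Not Rails source; comma-separated
# header lists and IPv6 hosts are ignored.

# Rebuild request.base_url from the headers the proxy forwards.
def base_url(headers)
  scheme = headers["X-Forwarded-Proto"] || "http" # the proxy -> app hop is plain HTTP
  host   = headers["X-Forwarded-Host"] || headers.fetch("Host")
  name, port = host.split(":", 2)
  default_port = scheme == "https" ? 443 : 80
  port.nil? || port.to_i == default_port ? "#{scheme}://#{name}" : "#{scheme}://#{name}:#{port}"
end

# The check passes when no Origin header is sent or when it equals base_url.
def origin_check(headers)
  origin = headers["Origin"]
  expected = base_url(headers)
  return [true, "no Origin header, check skipped"] if origin.nil?
  return [true, "Origin matches #{expected}"] if origin == expected
  [false, "HTTP Origin header (#{origin}) didn't match request.base_url (#{expected})"]
end

ORIGIN = "https://dev.mysite.com" # from the log line in the question

# Constructed header sets, as the Rails process would receive them.
CASES = {
  # `proxy_pass http://localhost:3000;` alone: nginx sends Host: localhost:3000
  "proxy_pass only"            => { "Host" => "localhost:3000", "Origin" => ORIGIN },
  # same proxy config, but the client sent no Origin header on the POST
  "proxy_pass only, no Origin" => { "Host" => "localhost:3000" },
  # adding `proxy_set_header Host $host;` only: the scheme is still http
  "Host forwarded"             => { "Host" => "dev.mysite.com", "Origin" => ORIGIN },
  # adding `proxy_set_header X-Forwarded-Proto $scheme;` as well
  "Host and scheme forwarded"  => { "Host" => "dev.mysite.com",
                                    "X-Forwarded-Proto" => "https", "Origin" => ORIGIN },
}.freeze

CASES.each do |name, headers|
  ok, reason = origin_check(headers)
  puts format("%-28s %-4s %s", name, ok ? "pass" : "FAIL", reason)
end
```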

0 Answers