10

I try to work with a webhook to get a JSON, I read that I should install ngrok because webhooks do not work locally, so I installed ngrok, and tried to follow this small tuto : https://medium.com/@derek_dyer/rails-webhooks-local-development-7b7c755d85e3

I created my routes : 

get 'invoice/webhooks'
post 'invoice/webhooks' =>'invoice#webhooks'

And my controller : 

def webhooks
   render json: response.body, status: 200
end

I also plugged my URL : https://ce0d99f7.ngrok.io/invoice/webhooks in my service to receive the webhook

I run ./ngrok http 3000 in my terminal and I receive a message 

POST /invoice/webhooks         403 Forbidden

Is anyone knows how to fix that ?

Damien Compère
  • 219
  • 1
  • 3
  • 16
  • The "message" you mentioned is from the ngrok's output, right? I'd say it works as expected - just forwards the request to the app server. I'd check the app server error log/console output to get more context about the error... – Konstantin Strukov Dec 19 '19 at 22:01
  • Thanks for your answer ! Yes the message is from the console where I started ngrok ! – Damien Compère Dec 20 '19 at 09:08
  • Is there any kind of authentication on controller on before_action callback? – Shishir Dec 20 '19 at 10:04
  • Nope nothing, I did some modification and now I have a 422 Unprocessable Entity for the POST /invoice/webhooks – Damien Compère Dec 20 '19 at 10:09
  • Added skip_before_action :verify_authenticity_token in my controller fixed the problem, I now have a 200 OK on my POST /invoice/webhooks – Damien Compère Dec 20 '19 at 10:26

2 Answers2

32

If you using rails 6 and use ngrok in development you must edit the development.rb file in config/environments for add config.hosts << "a0000000.ngrok.io" where a0000000.ngrok.io is the url supplied by ngrok without https:// , if this no work so you must add skip_before_action :verify_authenticity_token in you controller.

daniel0318
  • 454
  • 4
  • 4
  • I have my ngrok tunnel address in my .env file for local testing, so in my development.rb file I just have `config.hosts << ENV['NGROK_TUNNEL_ADDRESS']`. This way I don't need to touch the development.rb when I start a new ngrok session, just the .env file. – australis May 25 '22 at 04:59
  • 1
    WITHOUT HTTPS was what did it for me, thanks! – Jeffrey Kozik Oct 20 '22 at 11:47
4

@daniel0318's answer is exactly right. I just wanted to mention you can use this regular expression to allow all traffic through ngrok (add to development.rb):

# /config/environments/development.rb

config.hosts << /.*\.ngrok\.io/

Restart your server, and it will work.

One last note: over the years ngrok has changed their URLs several times; ensure you have the up to date regex above (others may not work).

stevec
  • 41,291
  • 27
  • 223
  • 311