So I'm learning Rails (Have prev used Django and Flask. New to Rails). I face an authenticity token error when I try to submit a form on my Rails app. DB's been migrated and the app works as expected. It's just that the form throws up a "ActionController::InvalidAuthenticityToken" error and says that the request.base_url doesn't match the expected result (i.e localhost of 127.0.0.1). This makes sense since I'm running the app on Google Cloud Shell (Which hosts it on a public "<4 digit PORT number>-dot--dot-devshell.appspot.com" format link). Has anybody gotten around this?
Asked
Active
Viewed 150 times
0
-
this page wiil help? https://stackoverflow.com/questions/3364492/actioncontrollerinvalidauthenticitytoken – spike 王建 Aug 11 '20 at 12:44
1 Answers
1
Short answer:
Go to <app_dir>/config/environments/development.rb Add "config.action_controller.forgery_protection_origin_check = false" to the development.rb file
Long answer:
Okay, so https://github.com/rails/rails/issues/22965 and https://github.com/rails/rails/issues/22965#issuecomment-172983268 are relevant here.
Quoting the RoR docs, "'config.action_controller.forgery_protection_origin_check' configures whether the HTTP Origin header should be checked against the site's origin as an additional CSRF defense." The check is enabled by default and one may disable it in the dev environment by adding it to <app_dir>/config/environments/development.rb (This is for Rails 6.0.3.2). I think one should be able to change the expected result of request.base_url to match the development environment too. However, I haven't figured that one out yet. Hope this helps anybody developing Rails using Google Cloud Shell
EDIT: typos, clarity