Questions tagged [authenticity-token]

AuthenticityToken is a feature of Ruby on Rails used to protect against CSRF

81 questions
1051
votes
10 answers

Understanding the Rails Authenticity Token

What is the Authenticity Token in Rails?
Ricardo Acras
200
votes
13 answers

Rails 4 Authenticity Token

I was working on a new Rails 4 app (on Ruby 2.0.0-p0) when I ran into some authenticity token problems. While writing a controller that responds to json (using the respond_to class method), I got to the create action I started getting…
alexcoco
44
votes
9 answers

Proper way to send an Authenticity Token with AJAX to Rails

This works but gets stopped because it lacks an authenticity token: $(".ajax-referral").click(function(){ $.ajax({type: "POST", url: $(this).parent("form").attr("action"), dataType: "script"}); return false; }); So I tried adding it like…
Trip
20
votes
3 answers

How to POST with missing authenticity_token in rspec rails request test?

I'm simulating a request coming from an external service, which will not have an authenticity token. I want the test to fail if skip_before_action :verify_authenticity_token is missing. How do I do this from an Rspec request spec? Currently I'm…
James EJ
18
votes
5 answers

Ruby on Rails form page caching including authenticity_token

I have a simple Ruby on Rails form which includes an authenticity_token. Unfortunately, I missed that when you page cache this page then the Authenticity Token becomes invalid. I'm glad I figured it out however. How do you solve caching in such a…
jacob
16
votes
2 answers

Rails authenticity_token on a form vs csrf token

On same page of a rails 4 app I have a in the head: and below in the body:
kmitov
13
votes
1 answer

Debugging Random Invalid Authenticity Token Errors

Our production server has been producing invalid authenticity token errors for several months now. The errors are produced on almost all forms sending (PUT|POST|DELETE) requests. Sometimes the error occurs, sometimes they don't. There appears to be…
10
votes
5 answers

Rails: Can't verify CSRF token authenticity

My Rails app suddenly started giving me the following error: Can't verify CSRF token authenticity ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): I haven't made any changes to the app, so I'm totally…
scientiffic
9
votes
1 answer

Rails 6 - constant ActionController::InvalidAuthenticityToken

I'm tinkering with Rails 6 and I am constantly getting ActionController::InvalidAuthenticityToken on forms generated by rails, such as (implementing the rails tutorial book register/login flow) <%= form_for(@user, url: 'signup') do |f| %> <%=…
9
votes
1 answer

CSRF tokens to not match what is in session (Rails 4.1)

We are seeing an unfortunate and likely browser-based CSRF token authenticity problem in our Rails 4.1 app. We are posting it here to ask the community if others are seeing it too. Please be aware that most error reporting tools — like Honeybadger —…
Jason FB
9
votes
2 answers

How do I add the authenticity token?

I recently switched to Google closure for a new project. I am having trouble adding the authenticity token to the headers in an ajax call. How do I go about it? My Ajax snippet (using goog.net.XhrIo class): var initialHTMLContent =…
7
votes
7 answers

Invalid Auth Token with Rails, Graphql, Apollo Client

I am trying to get a basic Rails, Graphql, Apollo-Client setup working but having trouble with 422 errors 'invalid auth token' on the rails side. Does my use of apollo look wrong? It is a Rails 5 app with graphql gem and apollo client. const…
dnewman
7
votes
2 answers

Rails How to send an Authenticity Token in an Ajax Request without a form involved?

For several reasons I need to send a post request to a controller via Ajax and I can't do it involving a form, it has to be a JS Ajax request written inside a file in assets > javascript or between tags. I've written a function which seems to pass…
alopez02
7
votes
2 answers

Rails 4 authenticity token - both in header and form hidden input?

I'm attempting to get full page caching in Rails but I've hit a bit of a snag with regards to CSRF - or perhaps just my understanding of it. I currently have the form_authenticity_token string stored in a cookie that JS can access and rewrite the…
7
votes
2 answers

Rails - Catch 'Invalid Authenticity Token' exception

I'm currently using RESTful Authentication plug-in on my rails application. There is a typical scenario when a user stays at login screen for enough time (let's say 1 day..) that makes the authentication token invalid due to time expire. When this…
user162972