0

I was using devise and omniauth to "login with google/yahoo" to a site I'm building. It worked fine, but now I came back some days later and it does not work anymore, it throws this in the logs: WARNING: Can't verify CSRF token authenticity

"login with facebook" works fine.

What could have changed? I don't remember touching anything. Maybe I run bundle install and something changed.

Any ideas on how to fix this?

HappyDeveloper
  • 12,480
  • 22
  • 82
  • 117
  • This is way too broad for the community to help you. Can you provide a way to reproduce the issue? – Nobita Apr 16 '12 at 04:38

1 Answers1

1

CSRF token is something Rails renders into forms on HTML pages. Then when the form is submitted, the token is checked against your session. Yahoo won't have a session to check, you probably need to have the Yahoo callback provide a key that you can check explicitly, in the callback it invokes, and then skip_before_filter :verify_authenticity_token for it.

Joshua Cheek
  • 30,436
  • 16
  • 74
  • 83
  • Thanks, skipping the csrf validation helped me see a different error. I created a new post for this: http://stackoverflow.com/questions/10173833/devise-omniauth-failure-how-to-debug-it – HappyDeveloper Apr 16 '12 at 12:12