rails protect_from_forgery raises with exception

Question

I have Rails project which is working on production. But on localhost it raises on every POST request with ActionController::InvalidAuthenticityToken. I know what is it. AuthToken is protection from csrf attacks. I have in my application_controller.rb

protect_from_forgery with: :exception #this line raise exception

and csrf_meta_tags present. I have no any problems in other Rails projects with it.

If I remove param with: :exception session will reset after reloading page.

what is the problem?

score 1 · Answer 1 · answered Jan 21 '15 at 05:21

1

Can you try this

protect_from_forgery with: :null_session

answered Jan 21 '15 at 05:21

Jeet

1,350
1
15
32

this param resets session. ```protect_from_forgery``` has param ```with: :null_session``` by default. – Pavel Kalashnikov Jan 21 '15 at 05:24

score 1 · Accepted Answer · answered Jan 21 '15 at 05:22

1

Problem solved!

Project has config in config/environments/development.rb

Rails.application.routes.default_url_options[:host] = 'my_project.dev:3000'

I tried to load project on localhost:3000, but url was my_project.dev:3000.

answered Jan 21 '15 at 05:22

Pavel Kalashnikov

2,092
1
19
22

rails protect_from_forgery raises with exception

2 Answers2

Linked