verify_authenticity_token has not been defined

Question

Ruby version 2.2.4, Rails version 5.0.0.1.

I'm getting stuck at a part of a tutorial where you test login with curl. I get an error

ArgumentError (Before process_action callback: verify_authenticity_token has not been defined).

I used this code in sessions_controller:

skip_before_action :verify_authenticity_token, :if => Proc.new { |c| c.request.format == 'application/json' }

Does somebody know the answer?

check if ```verify_authenticit_token``` exists in your project and change it to ```verify_authenticity_token``` — Tan Nguyen, Sep 01 '16 at 08:58
Sorry this is not the problem. I forgot the "y" of the word by creating this question. I correct it, thanks — Peter, Sep 01 '16 at 09:28
by the way, in my full project, nowhere is verify_authenticity_token defined. But how and where can I define this method? Is it not in a gem? — Peter, Sep 01 '16 at 09:29
does somebody else has an idea, why I get this Error: ArgumentError (Before process_action callback: verify_authenticity_token has not been defined) ? — Peter, Sep 03 '16 at 01:15
Be sure to not invoke this skip_before_action until protect_from_forgery has been called. Just move it under that in your application controller. — bkunzi01, Jul 14 '20 at 00:55

score 36 · Answer 1 · answered Sep 05 '16 at 08:09

Check if your ApplicationController has a call to protect_from_forgery as follows:

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
end

Essentially calling protect_from_forgery adds verify_authenticity_token to the before_filter list, which you can skip in the other controllers.

Refer to protect_from_forgery documentation for more info.

score 24 · Answer 2 · edited Aug 20 '19 at 09:20

24

After upgrading to Rails 5, I hit this error. I discovered that if skip_before_action is called multiple times with the same method name, this exception will be raised.

My fix was to add the parameter raise: false, to the second time skip_before_filter was called.

So it would look like this in the Application Controller:

skip_before_action :your_method_name, raise: false

edited Aug 20 '19 at 09:20

Rishav Kumar

71
1
3

answered Jan 07 '18 at 07:20

BananaNeil

10,322
7
46
66

score 5 · Answer 3 · answered Feb 21 '19 at 21:31

5

After upgrading to Rails 5 and deploying to Heroku I hit this error. I could not reproduce it in development.

In the API docs the example is given

class ApplicationController < ActionController::Base
  protect_from_forgery unless: -> { request.format.json? }
end

For me, adding the unless: -> { request.format.json? } like the above fixed my stack bomb. raise: false unfortunately did not.

answered Feb 21 '19 at 21:31

0xtobit

1,091
12
14

1

Hi, did that allow unauthenticated access to other routes tho? or does it affect other things? – Dvid Silva Aug 06 '20 at 17:16

score 0 · Answer 4 · edited Aug 10 '21 at 07:02

0

I fixed it by setting: config.action_controller.default_protect_from_forgery = true in config/application.rb

edited Aug 10 '21 at 07:02

StudioTime

22,603
38
120
207

answered Aug 10 '21 at 05:57

Abhishek Tanwar

7
2

score 0 · Answer 5 · edited Jul 25 '22 at 15:56

Just ran into a similar issue and none of these solutions worked for me.

Background: I was re-naming models and controllers to keep the code DRY, I reviewed the files and found that I missed re-naming one of the controllers i.e. the class name was updated but not the file name.

Solution: Update the controller name to match the new class name.

Moral of the story: Cross to 't's and dot you 'i's.

verify_authenticity_token has not been defined

5 Answers5