1

ERROR MSG: Error: Request failed with status code 500 Stack trace: [42]/</t.exports@http://crdwk.herokuapp.com/packs/bundle-ecc8ea14dbe153e50352.js:1:89311 [42]/</t.exports@http://crdwk.herokuapp.com/packs/bundle-ecc8ea14dbe153e50352.js:1:251725 [42]/</t.exports/</d[h]@http://crdwk.herokuapp.com/packs/bundle-ecc8ea14dbe153e50352.js:1:88311

Ruby version: 2.3

Rails version: 5.1

I have a server-side rendered, client-side hydrated React/Rails app (using gem 'react-rails').

I added the gem 'rack-cors' plus setup in application.rb in order for my requests to work (I'm using axios). However, signing out (a DELETE request) fails and hitting refresh erases the current user. Neither issue occurs locally/in development.

Here's the app: http://crdwk.herokuapp.com

And the repo: https://github.com/English3000/crdwk

learning2017
  • 41
  • 5
  • I prefer to use hyperlink rather than icon for log out. – Ajay Barot Mar 03 '18 at 19:38
  • Do you really expect people to go though bunch of files to find out where you've placed the concerned code ? Your problem is either in the controller or the component, pastes your code here, or add direct links to files – Ben Mar 03 '18 at 20:14

1 Answers1

0

I took a look at my Heroku logs:

Completed 500 Internal Server Error in 8ms (ActiveRecord: 0.0ms)
NoMethodError (undefined method `reset_token' for nil:NilClass):
app/controllers/application_controller.rb:29:in `sign_out'
app/controllers/api/sessions_controller.rb:3:in `destroy'

Given that hitting refresh, the current user does not persist, the issue is the current user somehow isn't getting set.

However, this is not an issue in development. Why would that be?

Looking through my project, the only difference I can find on the backend as compared with a client-side rendered one (which I literally copy & pasted the code for this project from) is this line in application_controller.rb:

skip_before_action :verify_authenticity_token

However, if I comment out this line, when I try to sign up, I get the server error

Started POST "/api/users" for 127.0.0.1 at 2018-03-05 12:16:57 -0800
Processing by Api::UsersController#create as JSON
  Parameters: {"user"=>{"email"=>"", "password"=>"[FILTERED]"}}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)

ActionController::InvalidAuthenticityToken - ActionController::InvalidAuthenticityToken:

This is a result of using gem 'react-rails'. (I don't get this error for my other client-side rendered project.)

There isn't an "authenticity_token" parameter.

I find these two resources: Rails security and Learnetto's how-to.

So I add these two lines of code from the second artilce to my api.js:

const csrfToken = document.querySelector("meta[name=csrf-token]").content;
axios.defaults.headers.common["X-CSRF-Token"] = csrfToken;

Now my web app works with the extra application_controller.rb line commented out. EXCEPT, I can't use the DOM to grab the csrf token for my React Native version, so I now have the same issue for mobile...

learning2017
  • 41
  • 5
  • According to React Native Networking: "The security model for XMLHttpRequest is different than on web as there is no concept of CORS in native apps." So then I don't need to worry about having an authenticity token?? If so, I still need a way for my Rails backend to `skip_before_action :verify_authenticity_token` only for mobile. – learning2017 Mar 06 '18 at 19:35