Stack Overflow
Stack Overflow

Questions tagged [authenticity-token]

AuthenticityToken is a feature of Ruby on Rails used to protect against CSRF

81 questions
1
vote
1 answer

InvalidAuthenticityToken from form in Rails 5.2

I had a working Rails5.2 application that needed a database restructure to improve the organisation of some tables. Since this change, I've found that some of my forms fails consistently on my local machine with this error:…
JohnP
  • 1,229
  • 6
  • 24
1
vote
1 answer

Redmine / Java native: Update query by script. Clone Fiddler request

I'm doing a script to update several queries that we use in our project everytime we deploy a sprint. I'm trying to replicate the same request that I'm testing on Fiddler, that it is working, in the following…
Agorreca
  • 684
  • 16
  • 31
1
vote
0 answers

ActionController::InvalidAuthenticityToken with devise, rails and docker

I'm getting InvalidAuthenticityToken exception on every post request for my rails 5 app, running in docker container. I'm using devise in application, is this something related to devise or anything else?
Abhishek
  • 93
  • 10
1
vote
1 answer

iPhone image (binary) file post to a Rails app

I am a backend Rails developer of an API. The API must accept an image upload from an iPhone client. My question is what the Content-Type for the entire POST must be to allow the upload and not get trapped by the InvalidAuthenticityToken issue. …
Craig C.
  • 161
  • 2
  • 5
1
vote
1 answer

POST request done with Authenticity Token, but exception still rased

My controller is responding to a js GET request, and in my js.erb file I am reporting back with the Fingerprint2 generated browser data of the users browser. This is done with a POST request, because of the large data string, so I have inserted a…
Cjoerg
  • 1,271
  • 3
  • 21
  • 63
1
vote
1 answer

Jmeter breaks the "authenticity_token" value in two keys due to ampersand present in it

Following value of authenticity_token getting truncated due to ampersand(&) in value. authenticity_token=CUYGx8Wsvc4wVrqdqBSB0ePSvIZnRfh1Qf/XOWnekQc= Due to this POST request is getting failed in Jmeter HTTP format of POST request which got…
Feroz
  • 61
  • 5
1
vote
1 answer

Authenticity_token is missing in custom action

I have a controller where I have a custom action (not part of the RESTful set) to create an association object. The authenticity_token is not added to the form, I assume this is because the action is not part of the RESTful set? How would I add…
Fellow Stranger
  • 32,129
  • 35
  • 168
  • 232
1
vote
1 answer

Should Rails 4 authenticity tokens vary from form to form?

Every form on my home page is showing a different authenticity token. The CSRF meta tag shows yet another authenticity token. Shouldn't they all be the same? I created a new Rails 4 project and all the tokens matched.
Nick Urban
  • 3,568
  • 2
  • 22
  • 36
1
vote
1 answer

Stress/load testing Ruby on Rails apps with Authenticity Tokens

My Ruby on Rails application is mostly contained behind a login page. I'd still like to be able to stress test these pages, as they have some heavy database access. Sending the username and password into a post for my login isn't difficult, but the…
Eric the Red
  • 5,364
  • 11
  • 49
  • 63
1
vote
0 answers

form submit params missing authenticity_token with Cucumber feature only

Is there a simple reason why my form_submits in my Rails 3 app don't generate requests with the authenticity_token set in Cucumber, while they do when run as development (and production)? The app works perfectly, except I get a redirect to the login…
user2135543
  • 11
  • 1
1
vote
3 answers

rails auto_complete plugin. how do i pass authenticity token?

I tried the auto_complete text field in rails 2.3.3 and the server says it denied request because of no authenticity token. I can see that the helper doesn't automatically create a parameter for it. How I can manually do this? And I do not want to…
Jey Geethan
  • 2,235
  • 5
  • 33
  • 60
1
vote
1 answer

Authenticity token not changing in rails 3

My application is built using rails 3 and i have added the csrf_meta_tag in application.html.erb. <%= csrf_meta_tag %> Authenticity token is changing for different users, but the token is same in the entire session i.e its not changing for each put…
anil.n
  • 509
  • 2
  • 5
  • 17
0
votes
1 answer

Internet Explorer causes an Invalid Authenticity Token error

This works in all browsers except IE7 and IE8 ( and probably IE6 ). For some reason it won't respect my Authenticity Token. Any ideas, tips for debugging, workarounds? My standard setup: $(document).ajaxSend(function(event, request, settings) { …
Trip
  • 26,756
  • 46
  • 158
  • 277
0
votes
1 answer

protect_from_forgery and login forms

Reading about how protect_from_forgery works, I came across multiple articles such as this one which explains that the authenticity_token is bound to the user's session. All clear so far. But a question came up, how does protect_from_forgery work…
Iván Cortés
  • 581
  • 1
  • 9
  • 22
0
votes
1 answer

How to fix mismatched csrf authenticity tokens in rails devise forms?

If I am understanding this correctly the input authenticity token should be matching the value above in the head element. When submitting the devise sign up form I get a 422 Unprocessible Entity error. I did delete my master.key and re-ran rails…
InterstellarBrandon
  • 13
  • 3
1 2 3
4
5 6