Stack Overflow
Stack Overflow

Questions tagged [authenticity-token]

AuthenticityToken is a feature of Ruby on Rails used to protect against CSRF

81 questions
0
votes
1 answer

rails 6 token authentication still needed?

I take courses on rails 5.x.x and when they used form they add a line for token authentication to protect their site, on the start of the form, like this : But…
ffouquet42
  • 124
  • 13
0
votes
1 answer

uninitialized constant Authlogic::Session::Validation

I'm upgrading a rails 4.2 site to 6.0 and am receiving uninitialized constant Authlogic::Session::Validation when I try to load a form, presumably because the Validation module was removed from Authlogic and some old gem/code is still trying to…
MattPo
  • 36
  • 4
0
votes
1 answer

Form remote: true authenticity_token disappear

If I set remote: true to my form authenticity_token disappear. I have to add authenticity_token: true to my form? What about caching? If I cache the form I have to add authenticity_token: true? Is a problem that authenticity_token is cached? Thank…
Mr McDonald
  • 453
  • 7
  • 16
0
votes
1 answer

Rails authenticity_token cannot be verified when submitting requests to API::V1 module controllers

I've come across a very strange problem with Rails 5. I've two controllers, first as users_controller and second as api/v1/users_controller. Both these controllers have a register action. I am trying to post a form to both these controllers. This…
Manish Singh
  • 53
  • 1
  • 7
0
votes
0 answers

How can invalidate the authenticity token for a signup form after the first POST request is received in rails applications?

My application will create a batch of new accounts on a Pitchfork attack. My application provides a authenticity token when the signup form is viewed. I want to invalidate this token once the first PUT request containing this token arrives, so that…
user2868259
  • 1
0
votes
1 answer

Attaching files in form results in InvalidAuthenticityToken error and UnknownFormat error

I have something weird going on with a form that's supposed to be submitting image files with the Carrierwave gem. Here's the form: <% @post = Post.new %> <%= form_for @post, url: create_post_path(@post), :html => {multipart: true}, remote: true do…
Yuri Gert
  • 103
  • 10
0
votes
1 answer

How to handle the AuthenticityToken value using a HTTP POST request from a RoR application to another RoR application?

I am using Ruby on Rails 3 and I would like to know how to handle the AuthenticityToken value using a HTTP POST request from a RoR application to another RoR application. In this case I aim to submit a sign in form and return the user information in…
user502052
  • 14,803
  • 30
  • 109
  • 188
0
votes
2 answers

overriding rails authenticity_token setting

Submitting a form requires a token which the receiving server has named authenticity_token and is expecting a string that is known only to posting and receiving servers:
Jerome
  • 5,583
  • 3
  • 33
  • 76
0
votes
0 answers

Rails 4 upgrade throwing InvalidAuthenticityToken

My application just upgraded to Rails 4 and we're starting to see random InvalidAuthenticityToken errors. I have done a bunch of investigating but not yet found a solution. Anyone know what happened and how to fix it? Calling out things that…
Marri
  • 33
  • 5
0
votes
1 answer

NameError wile add config.action_view.embed_authenticity_token_in_remote_forms to true

I was working on ajax on my rails app and I got a ActionController::InvalidAuthenticityToken error. and I read this config.action_view.embed_authenticity_token_in_remote_forms allows you to set the default behavior for authenticity_token in…
Kai-Chieh Chan
  • 1
  • 1
0
votes
1 answer

Adde authenticity token manually but it is not verified in backend

I had the <%= csrf_meta_tags %> in my HEAD tag, but I created the form manually, so the authenticity_token hidden field was not getting inserted in my form. So I added the authenticity_token manually:
Victor Ferreira
  • 6,151
  • 13
  • 64
  • 120
0
votes
0 answers

Rails 4 Invalid authenticity token when saving param through link

I have a Message model that has an archived param in my Rails 4 app. In the show view, I have a button_to that sets the archived param to true. This function previously worked before I added Devise and a Mailer to the Message model. Now, when I…
Josiah Palmer
  • 151
  • 1
  • 17
0
votes
1 answer

Rails 4 Login/Sign up using devise during form submission authenticity token error

I have a Project model. There's one-to-many association with the Project model and the Devise User model. I want the users to perform ajax login using Devise before submitting the Projects form data. The Ajax login works fine. But, after the login…
Shouvik Mukherjee
  • 33
  • 4
0
votes
2 answers

In rails 4.2, how to display a form for preview but ensure it cannot be submitted

I'd like to have a a form view that can, depending on circumstances, have submit functionality disabled in a bullet-proof way so that even a clever user could not edit the HTML source (via a browser extension) to re-add the submit button. It seems…
jpw
  • 18,697
  • 25
  • 111
  • 187
0
votes
1 answer

Rails POST Request Invalid Token Authority

I have built a POST request route as: match '/getActivatedFriends', to: 'requests#getActivatedFriends', via: 'post', constraints: { friends_phone_number_csv: /([0-9]+,?)+/ } with action: def getActivatedFriends @results =…
Sauron
  • 6,399
  • 14
  • 71
  • 136
1 2 3 4
5
6