Invalid Authenticity Token error #75311
Comments
Updated the support thread:

Is it possible this is related to the module configuration? There are other controllers that are functioning. Perhaps @jvcAdHoc may have insight into what's going on.

Skipping the authenticity verification made it so that we could flag search results. This will work for internal team QA, but it's not a viable solution for Production due to security risks.
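As an added illustration (not code from vets-api, from Rails itself, or from anyone in this thread) of what the skipped check actually does, the following is a simplified model of the masked authenticity-token scheme Rails uses: the session holds a raw token, every response hands out a differently masked copy (one-time pad followed by pad XOR raw token, base64-encoded), and the server unmasks the submitted header value and compares it in constant time against the session that accompanied the request. The `SessionStore` and `CsrfGuard` names are hypothetical. It also models the later observation in this thread that a token taken from the XHR response verifies while one saved in local storage under a different session does not.

```ruby
# Added illustration of a Rails-style masked CSRF ("authenticity") token.
# Simplified model written for this issue thread; not vets-api code and not
# Rails's own implementation. SessionStore and CsrfGuard are hypothetical names.
require 'securerandom'
require 'base64'

TOKEN_LENGTH = 32

# Hypothetical per-user session: holds the raw token that never leaves the
# server. Every request carrying this session's cookie sees the same raw token.
class SessionStore
  attr_reader :raw_token

  def initialize
    @raw_token = SecureRandom.random_bytes(TOKEN_LENGTH)
  end
end

module CsrfGuard
  module_function

  # Issue a masked token for a page or XHR response: a fresh one-time pad
  # followed by (pad XOR raw_token), base64-encoded. Each response yields a
  # different string, but all of them unmask to the session's raw token.
  def masked_token(session)
    pad = SecureRandom.random_bytes(TOKEN_LENGTH)
    Base64.strict_encode64(pad + xor_bytes(pad, session.raw_token))
  end

  # Verify the value sent in the X-CSRF-Token header (or authenticity_token
  # param) against the session that accompanied the request. Any malformed,
  # truncated, or foreign-session token is rejected; this is the check that
  # "skipping the authenticity verification" turns off.
  def valid_token?(session, header_value)
    return false if header_value.nil? || header_value.empty?
    decoded = begin
      Base64.strict_decode64(header_value)
    rescue ArgumentError
      return false
    end
    return false unless decoded.bytesize == TOKEN_LENGTH * 2
    pad    = decoded.byteslice(0, TOKEN_LENGTH)
    masked = decoded.byteslice(TOKEN_LENGTH, TOKEN_LENGTH)
    secure_compare(xor_bytes(pad, masked), session.raw_token)
  end

  def xor_bytes(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
  end

  # Constant-time comparison so the check does not leak how many bytes match.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Walk through the situation from the thread: the token embedded in an XHR
# response for the current session verifies, while a token saved earlier in
# local storage under a different (constructed) session does not.
# Returns [true, false].
def demo
  current = SessionStore.new
  stale   = SessionStore.new # constructed: a session that has since rotated
  from_xhr           = CsrfGuard.masked_token(current)
  from_local_storage = CsrfGuard.masked_token(stale)
  [CsrfGuard.valid_token?(current, from_xhr),
   CsrfGuard.valid_token?(current, from_local_storage)]
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The point for the thread is the last call in `demo`: the header value is only meaningful relative to the session cookie sent on the same request, so a token cached client-side outlives the session it was issued for and then fails with exactly the 403 seen here. Keeping the check enabled and fetching the token from the current response is the fix; disabling it removes the only thing tying a POST to the user's own session.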
2 ideas:
Research re #1 from above:

Here's a list of Lighthouse modules

```ruby
scope '/services' do
  mount AppsApi::Engine, at: '/apps' #lighthouse
  mount VBADocuments::Engine, at: '/vba_documents'
  mount AppealsApi::Engine, at: '/appeals' #lighthouse
  mount ClaimsApi::Engine, at: '/claims' #lighthouse
  mount Veteran::Engine, at: '/veteran' #lighthouse
  mount VAForms::Engine, at: '/va_forms' #lighthouse
  mount VeteranConfirmation::Engine, at: '/veteran_confirmation' #lighthouse
end
```

Here's a list of other modules

```ruby
mount AccreditedRepresentatives::Engine, at: '/accredited_representatives'
mount AskVAApi::Engine, at: '/ask_va_api'
mount Avs::Engine, at: '/avs'
mount CheckIn::Engine, at: '/check_in'
mount CovidResearch::Engine, at: '/covid-research'
mount CovidVaccine::Engine, at: '/covid_vaccine'
mount DebtsApi::Engine, at: '/debts_api'
mount DhpConnectedDevices::Engine, at: '/dhp_connected_devices'
mount FacilitiesApi::Engine, at: '/facilities_api'
mount SimpleFormsApi::Engine, at: '/simple_forms_api'
mount HealthQuest::Engine, at: '/health_quest'
mount IncomeLimits::Engine, at: '/income_limits'
mount MebApi::Engine, at: '/meb_api'
mount Mobile::Engine, at: '/mobile'
mount MyHealth::Engine, at: '/my_health', as: 'my_health'
mount TravelPay::Engine, at: '/travel_pay'
mount VAOS::Engine, at: '/vaos'
mount Vye::Engine, at: '/vye'
```

appeals_api POST/create endpoints: Based on the provided
These endpoints are responsible for various actions related to appeals, decision reviews, evidence submissions, and more within the context of the engine's domain.

claims_api POST/create endpoints: From the provided
These endpoints enable various functionalities related to claims, intent to file, power of attorney, and disability compensation, among others, providing validation, submission, and document upload capabilities for veterans through the API.
PR for creating our

This is ready to merge. Colin and I are discussing how we might be able to test this now given that we're about to have our staging review.

Flag input moved to new module, ready for review.

Error is still persisting; is this a frontend issue? Consider manually setting the token (the one in local storage is getting set) -- circle back to verify testing through Postman.

Tried writing an entirely new method and still 403ing... trying to find some other way of testing the endpoint that isn't curl copying request headers (or the frontend). Also wondering if this could be unique to the staging environment.

We determined that using the token from the xhr search response works, which is not the token that is being set in local storage.

Is this a Staging-only issue? Can we use our feature toggle to release to a single user to understand if this is an issue only in Staging? There are no test accounts in Production, but we could use a real personal account to test. But this doesn't require authentication, so we don't necessarily need an account to test in production. If we're still seeing issues, re-engage folks on the existing Platform support ticket to continue to troubleshoot.
Summary
Encountering an "Invalid Authenticity Token" error in staging when making a POST request to our recently created flag_accredited_representatives endpoint. Our initial thought was that the csrfToken needs to be included in the request headers. That token should be getting passed now, but the issue is persisting.
Support ticket:
https://dsva.slack.com/archives/CBU0KDSB1/p1707152032413019
Steps to Reproduce
Actual Result
Network request fails with 403 (Invalid Authenticity Token)
Desired Result
200 response
Definition of Done