Does this work for Rails 4? #5

Closed
julescopeland opened this Issue Sep 25, 2014 · 7 comments

julescopeland commented Sep 25, 2014

It doesn't seem to work for me...

Owner

jsanders commented Sep 25, 2014

What problem are you running into? Are you on Rails 4.0 or 4.1?

julescopeland commented Sep 25, 2014

Hi,

It's Rails 4.1.5 (Ruby 2.1.1)

This is the error I get when trying to sign in via an Angular app frontend:

Started POST "/users/sign_in" for 127.0.0.1 at 2014-09-25 16:34:26 +0100
Processing by Devise::SessionsController#create as json
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 3ms

ActionController::InvalidAuthenticityToken - ActionController::InvalidAuthenticityToken:

It just doesn't seem to do anything...

Owner

jsanders commented Sep 25, 2014

Thanks! I'll look into it.

julescopeland commented Sep 26, 2014

Hi James,

Finally got the b*****d to work! It was my fault, not yours. Terribly sorry for the distraction...

loureirorg commented May 3, 2015

Hi @julescopeland, I'm having the same issue (Rails 4.2). How did you solve this?

The only thing that I've found was this official reference from the Rails docs:
http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html

But if you do that, you don't need to use this gem, as they are suggesting to disable CSRF verification for JSON data :/

One possibility that I've tried was to add this on my "app.run":

$http.defaults.headers.post["X-CSRFToken"] = $cookies['XSRF-TOKEN'];

But it didn't work (at least after this, Angular was sending the CSRFToken, although Rails was still generating a "Can't verify CSRF token authenticity" error).

Another possibility (which I haven't tested yet) is to create an interceptor like this:

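  app.factory('corsInterceptor', ['$cookies', function ($cookies) {
    return {
      'request': function(config) {
        // A request interceptor receives the per-request headers object directly.
        config.headers["X-CSRFToken"] = $cookies['XSRF-TOKEN'];
        // The interceptor must return the config, or the request cannot proceed.
        return config;
      }
    };
  }]);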
...
  app.config([..., function (...) {
  ...
  $httpProvider.interceptors.push('corsInterceptor');
  ...
  }]);

But I'm curious: what did you do to solve this problem?

julescopeland commented May 8, 2015

This was a very long time ago, so my memory is hazy, but I think it was due to a weird config error...

Iirc, it was this line in the environment file:

config.assets.prefix = ""

Took me weeks to figure that one out.

keo64 commented Feb 16, 2017

angular
  .module('corsInterceptor', ['ngCookies'])
  .factory(
    'corsInterceptor',
    function ($cookies) {
      return {
        request: function(config) {
          config.headers["X-XSRF-TOKEN"] = $cookies.get('XSRF-TOKEN');
          return config;
        }
      };
    }
  );

It works!
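
An added example, not part of the original thread or the gem's own code: a simplified Ruby stand-in for the server-side token check, showing how the header names used in the comments above map to Rack env keys. The accepted-header list and all helper names are assumptions; real Rails also accepts the token as a form parameter and masks it per request.

```ruby
require 'securerandom'

# Rack hands a request header to the app as HTTP_<NAME>: upper-cased,
# with dashes turned into underscores.
def rack_key(header_name)
  "HTTP_#{header_name.upcase.tr('-', '_')}"
end

# X-CSRF-Token is the header Rails reads; X-XSRF-TOKEN is the one AngularJS
# $http sends. Accepting both is an assumption made for this example.
ACCEPTED_HEADERS = %w[X-CSRF-Token X-XSRF-TOKEN].freeze

# Constant-time comparison, so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Simplified check: accept only if an accepted header carries the session token.
def verified_request?(env, session_token)
  ACCEPTED_HEADERS.any? { |name| secure_equal?(env[rack_key(name)], session_token) }
end

# Build a Rack-style env from the headers a client sent (constructed sample).
def env_for(headers)
  headers.each_with_object({}) { |(name, value), env| env[rack_key(name)] = value }
end

# Try each header name that appears in the thread with the same valid token.
def demo
  token = SecureRandom.base64(32) # stored in the session and the XSRF-TOKEN cookie
  {
    'X-CSRFToken'  => verified_request?(env_for({ 'X-CSRFToken' => token }), token),
    'X-XSRF-TOKEN' => verified_request?(env_for({ 'X-XSRF-TOKEN' => token }), token),
    'X-CSRF-Token' => verified_request?(env_for({ 'X-CSRF-Token' => token }), token),
    'no header'    => verified_request?(env_for({}), token),
    'wrong token'  => verified_request?(env_for({ 'X-XSRF-TOKEN' => 'x' * 44 }), token)
  }
end

demo.each { |name, ok| puts format('%-13s %s', name, ok ? 'accepted' : 'rejected') } if __FILE__ == $PROGRAM_NAME
```

In this model a request carrying a valid token under `X-CSRFToken` is rejected exactly like one with no token, because Rack stores it under `HTTP_X_CSRFTOKEN`, a key the check never reads.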
