Hi! I'm using a simple app in Rack to forward requests from one server to another server that runs a Rails app, and most requests are working fine except when submitting a form. It's related to the CSRF token.
ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken (Most recent call first)
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_controller/metal/request_forgery_protection.rb line 211 in handle_unverified_request
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_controller/metal/request_forgery_protection.rb line 243 in handle_unverified_request
File /railsapp/vendor/bundle/ruby/2.6.0/gems/devise-4.5.0/lib/devise/controllers/helpers.rb line 255 in handle_unverified_request
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_controller/metal/request_forgery_protection.rb line 238 in verify_authenticity_token
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/callbacks.rb line 426 in block in make_lambda
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/callbacks.rb line 198 in block (2 levels) in halting
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/abstract_controller/callbacks.rb line 34 in block (2 levels) in <module:Callbacks>
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/callbacks.rb line 199 in block in halting
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/callbacks.rb line 513 in block in invoke_before
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/callbacks.rb line 513 in each
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/callbacks.rb line 513 in invoke_before
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/callbacks.rb line 131 in run_callbacks
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/abstract_controller/callbacks.rb line 41 in process_action
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_controller/metal/rescue.rb line 22 in process_action
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_controller/metal/instrumentation.rb line 34 in block in process_action
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/notifications.rb line 168 in block in instrument
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/notifications/instrumenter.rb line 23 in instrument
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/notifications.rb line 168 in instrument
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_controller/metal/instrumentation.rb line 32 in process_action
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_controller/metal/params_wrapper.rb line 256 in process_action
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activerecord-5.2.4.1/lib/active_record/railties/controller_runtime.rb line 24 in process_action
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/abstract_controller/base.rb line 134 in process
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionview-5.2.4.1/lib/action_view/rendering.rb line 32 in process
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_controller/metal.rb line 191 in dispatch
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_controller/metal.rb line 252 in dispatch
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/routing/route_set.rb line 52 in dispatch
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/routing/route_set.rb line 34 in serve
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/journey/router.rb line 52 in block in serve
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/journey/router.rb line 35 in each
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/journey/router.rb line 35 in serve
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/routing/route_set.rb line 840 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/warden-jwt_auth-0.2.1/lib/warden/jwt_auth/middleware/token_dispatcher.rb line 20 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/warden-jwt_auth-0.2.1/lib/warden/jwt_auth/middleware/revocation_manager.rb line 21 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-2.1.1/lib/rack/builder.rb line 176 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rollbar-2.18.2/lib/rollbar/middleware/rack/builder.rb line 16 in block in call_with_rollbar
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rollbar-2.18.2/lib/rollbar.rb line 146 in scoped
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rollbar-2.18.2/lib/rollbar/middleware/rack/builder.rb line 14 in call_with_rollbar
File /railsapp/vendor/bundle/ruby/2.6.0/gems/warden-jwt_auth-0.2.1/lib/warden/jwt_auth/middleware.rb line 23 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-inflater-0.1.0/lib/rack/inflater.rb line 25 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-attack-6.2.2/lib/rack/attack.rb line 170 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-inflater-0.1.0/lib/rack/inflater.rb line 25 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-2.1.1/lib/rack/deflater.rb line 45 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/warden-1.2.8/lib/warden/manager.rb line 36 in block in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/warden-1.2.8/lib/warden/manager.rb line 34 in catch
File /railsapp/vendor/bundle/ruby/2.6.0/gems/warden-1.2.8/lib/warden/manager.rb line 34 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-2.1.1/lib/rack/tempfile_reaper.rb line 17 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-2.1.1/lib/rack/etag.rb line 27 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-2.1.1/lib/rack/conditional_get.rb line 40 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-2.1.1/lib/rack/head.rb line 14 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/http/content_security_policy.rb line 18 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-2.1.1/lib/rack/session/abstract/id.rb line 277 in context
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-2.1.1/lib/rack/session/abstract/id.rb line 271 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/cookies.rb line 670 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/callbacks.rb line 28 in block in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/callbacks.rb line 98 in run_callbacks
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/callbacks.rb line 26 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rollbar-2.18.2/lib/rollbar/middleware/rails/rollbar.rb line 24 in block in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rollbar-2.18.2/lib/rollbar.rb line 146 in scoped
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rollbar-2.18.2/lib/rollbar/middleware/rails/rollbar.rb line 22 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/appsignal-2.8.1/lib/appsignal/rack/rails_instrumentation.rb line 19 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/debug_exceptions.rb line 61 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rollbar-2.18.2/lib/rollbar/middleware/rails/show_exceptions.rb line 22 in call_with_rollbar
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/show_exceptions.rb line 33 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/railties-5.2.4.1/lib/rails/rack/logger.rb line 38 in call_app
File /railsapp/vendor/bundle/ruby/2.6.0/gems/railties-5.2.4.1/lib/rails/rack/logger.rb line 26 in block in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/tagged_logging.rb line 71 in block in tagged
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/tagged_logging.rb line 28 in tagged
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/tagged_logging.rb line 71 in tagged
File /railsapp/vendor/bundle/ruby/2.6.0/gems/railties-5.2.4.1/lib/rails/rack/logger.rb line 26 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/remote_ip.rb line 81 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/request_id.rb line 27 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-2.1.1/lib/rack/method_override.rb line 24 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-2.1.1/lib/rack/runtime.rb line 24 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.1/lib/active_support/cache/strategy/local_cache_middleware.rb line 29 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/executor.rb line 14 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/static.rb line 127 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-2.1.1/lib/rack/sendfile.rb line 113 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.1/lib/action_dispatch/middleware/ssl.rb line 74 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/railties-5.2.4.1/lib/rails/engine.rb line 524 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/rack-cors-1.1.1/lib/rack/cors.rb line 100 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/puma-3.12.0/lib/puma/configuration.rb line 225 in call
File /railsapp/vendor/bundle/ruby/2.6.0/gems/puma-3.12.0/lib/puma/server.rb line 658 in handle_request
File /railsapp/vendor/bundle/ruby/2.6.0/gems/puma-3.12.0/lib/puma/server.rb line 472 in process_client
File /railsapp/vendor/bundle/ruby/2.6.0/gems/puma-3.12.0/lib/puma/server.rb line 332 in block in run
File /railsapp/vendor/bundle/ruby/2.6.0/gems/puma-3.12.0/lib/puma/thread_pool.rb line 133 in block in spawn_thread
Any clue on how to fix this?
Just a workaround for this case: maybe you can pre-fetch the CSRF token and then submit it with the form fields.
pjmartorell changed the title from "ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken" to "ActionController::InvalidAuthenticityToken" on Feb 3, 2020
I'm already passing the authenticity token field, but it seems that Rails checks other things apart from the token. I don't think it's easy to bypass.
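A simplified model of the two conditions `verify_authenticity_token` applies to a form POST in Rails 5.2 with `forgery_protection_origin_check` enabled, added here as an example (it is not Rails source and not code from this issue): the masked token must match the token in the request's own session, and a present `Origin` header must equal the base URL the app derives from its Host headers. The host names `front.example` and `backend.internal` and the `scenarios` helper are constructed for illustration.

```ruby
require "securerandom"
LEN = 32 # bytes in the real CSRF token kept in the session

def xor(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Form token = base64(pad + (pad XOR real)); a fresh pad is drawn per render.
def masked_token(session)
  session[:_csrf_token] ||= [SecureRandom.random_bytes(LEN)].pack("m0")
  pad = SecureRandom.random_bytes(LEN)
  [pad + xor(pad, session[:_csrf_token].unpack1("m0"))].pack("m0")
end

# Check 1: the submitted token must unmask to the token stored in THIS session.
def token_valid?(session, submitted)
  return false unless session[:_csrf_token]
  raw = submitted.to_s.unpack1("m0") # strict base64; raises on junk
  return false unless raw.bytesize == LEN * 2
  real = session[:_csrf_token].unpack1("m0")
  pairs = xor(raw[0, LEN], raw[LEN, LEN]).bytes.zip(real.bytes)
  pairs.reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero? # no early exit
rescue ArgumentError
  false
end

# Check 2: an Origin header, if sent, must equal the base URL the app derives
# from the scheme and the forwarded (or literal) Host header.
def origin_valid?(env)
  host = env["HTTP_X_FORWARDED_HOST"] || env["HTTP_HOST"]
  base_url = "#{env.fetch('rack.url_scheme', 'https')}://#{host}"
  env["HTTP_ORIGIN"].nil? || env["HTTP_ORIGIN"] == base_url
end

def verify(env, session, params)
  return :origin_mismatch unless origin_valid?(env)
  return :bad_token unless token_valid?(session, params["authenticity_token"])
  :ok
end

# Constructed scenario: browser -> front.example -> Rails at backend.internal.
def scenarios
  session = {}
  form = { "authenticity_token" => masked_token(session) }
  env = { "HTTP_ORIGIN" => "https://front.example", "HTTP_HOST" => "backend.internal" }
  kept = env.merge("HTTP_X_FORWARDED_HOST" => "front.example")
  { host_rewritten: verify(env, session, form),   # forwarder replaced Host
    cookie_dropped: verify(kept, {}, form),       # session cookie not forwarded
    both_forwarded: verify(kept, session, form) } # Host and cookie preserved
end
```

A valid `authenticity_token` field still fails when the forwarder rewrites `Host` without `X-Forwarded-Host` or drops the session cookie, so those are the two things to inspect on the forwarded request.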