Can not edit or create new records in rails admin

[mihaj]

I have a problem with crating and updating records with rails_admin. For update I get the 404 error, where POST actions is not found:
{"status":404,"error":"Not Found","exception":"#\u003cActionController::RoutingError: No route matches [POST] \"/admin/api_key/1/edit\"....

But if i look in the routes file, i see it's registered at PUT method.

For creating new record i get:
{"status":422,"error":"Unprocessable Entity","exception":"#\u003cActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken\u003e","traces":{"Application Trace":[],"Framewor....

my config file:
RailsAdmin.config do |config| config.actions do dashboard # mandatory index # mandatory new export bulk_delete show edit delete show_in_app end end

my route setting:
Rails.application.routes.draw do mount RailsAdmin::Engine => '/admin', as: 'rails_admin'

[saravanabalagi]

I'm getting the same too, and I think this happened after I upgraded my gems, try reverting to older version

[saravanabalagi]

Yep, the problem is on 1.1.1; I reverted back to 1.1.0 and no errors encountered :)
But there's a need to find why its happening in the new version!

[mshibuya]

Not reproducible here, can you make the problem happen by using brand-new Rails app?

[ss44]

Just installed a fresh rails instance, and was able to replicate same issue. Rolling back to 1.1.0 resolved it for me also.

Using papertrail and devise if that helps any?

[amicming]

I just did fresh rails instance with papertrail and devise and I can create new record. I'm not able to reproducible.

[siklodi-mariusz]

I am having the same issue with 1.1.1 and going back to 1.1.0 solves the problem but as stated here, it's recommended to upgrade to 1.1.1 because 1.1.0 is known to have CSRF vulnerability.

[juanibiapina]

I can also reproduce it with a fresh Rails app using --api.

Removing protect_from_forgery with: :exception from the rails admin controller solves the put problem, though it obviously disables it (and I'm editing the gem directly).

The delete problem still persists though.

[tinbka]

Also reported here: rails/rails#21948 (comment)
I doubt it's Rails core issue, though, as it would have been fixed in newer versions otherwise.

[juanibiapina]

The rails core issue seems to happens when you close the page and open again, so it might be unrelated.

[tinbka]

I've considered it, of course, as well as the secondary calls (e.g. pjax) that may be recreating the token, and two users accessing the same site with the same admin_user.id.
I'll dig it deeper when I have time.

[tinbka]

Fixed this by one or both of:

• upgrading to Rails 5.1
• implementing nginx real_ip module so that request.ip is always equal to request.remote_ip

[juanibiapina]

I have rails 5.1.1 and no nginx.

[lesliev]

I just upgraded from Rails 5.0.0 to 5.1.0 because of this error and the problem still persists (in development). I'm running Puma locally not Nginx.

Adding new records:

Started POST "/admin/stage/new" for 127.0.0.1 at 2017-08-21 12:13:54 +1200
Processing by RailsAdmin::MainController#new as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"RkH23gF/ocCmYnElCXn6TWxoAKjlK/5labIKyuwSnpDlu1feS4XNYVQC8XP2ZJFoEP+nAyHkBLnTCWKBvx5PHA==", "stage"=>{"solution_id"=>"", "step"=>"", "title"=>"", "goals"=>"", "resources"=>"", "duration_days"=>"", "locked"=>"0"}, "return_to"=>"http://localhost:5000/admin/stage", "_save"=>"", "model_name"=>"stage"}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)```

Editing existing records:
```Started POST "/admin/feed_post/1/edit" for 127.0.0.1 at 2017-08-21 12:21:50 +1200
  
ActionController::RoutingError (No route matches [POST] "/admin/feed_post/1/edit"):
  
actionpack (5.1.3) lib/action_dispatch/middleware/debug_exceptions.rb:63:in `call'
rollbar (2.14.1) lib/rollbar/middleware/rails/show_exceptions.rb:22:in `call_with_rollbar'
actionpack (5.1.3) lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'

Downgrading to RailsAdmin 1.1.0 solved the first issue but not the second - I still can't update records.

rails routes shows this:

  dashboard GET         /                                      rails_admin/main#dashboard
      index GET|POST    /:model_name(.:format)                 rails_admin/main#index
        new GET|POST    /:model_name/new(.:format)             rails_admin/main#new
     export GET|POST    /:model_name/export(.:format)          rails_admin/main#export
bulk_delete POST|DELETE /:model_name/bulk_delete(.:format)     rails_admin/main#bulk_delete
bulk_action POST        /:model_name/bulk_action(.:format)     rails_admin/main#bulk_action
       show GET         /:model_name/:id(.:format)             rails_admin/main#show
       edit GET|PUT     /:model_name/:id/edit(.:format)        rails_admin/main#edit
     delete GET|DELETE  /:model_name/:id/delete(.:format)      rails_admin/main#delete
show_in_app GET         /:model_name/:id/show_in_app(.:format) rails_admin/main#show_in_app

• so it does seem like the edit action should be a PUT not a POST.

UPDATE:
I switched to the Administrate gem and had the same issues! The authenticity_token issue was caused by Rails Api leaving out the cookie store, I was able to fix this by adding some lines to application.rb:

config.session_store :cookie_store
config.middleware.use ActionDispatch::Cookies
config.middleware.use ActionDispatch::Session::CookieStore, config.session_options

The routing issue was caused by the MethodOverride Rack middleware being left out - so when Rails receives forms with the hidden _method parameter set to PATCH it doesn't act on that. To fix that I added this to application.rb:

config.middleware.use ::Rack::MethodOverride

These workarounds work with both Administrate and RailsAdmin 1.2.0.

[terry90]

@lesliev Dude, you saved my day.
This solution works for both issues as advertised ! Thanks a lot.

[mshibuya]

Fixed by #3006.

[davideluque]

I had this issue and adding config.middleware.use ::Rack::MethodOverride to the application.rb did not work for me.

This issue was present in my recently deployed production server (nginx+puma+rails), SSL enabled.

I fixed this by adding proxy_set_header X-Forwarded-Proto https; to the Nginx site configuration, like this:

location @puma {
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-Proto https;
  proxy_redirect off;

  proxy_pass http://puma;
}

This also solved getting "connection not secure" in Chrome even though my certificate was valid. It's not a rails_admin problem but it was raising up there.

My settings
Rails API only.
Rails 5.2.3
rails_admin 1.4.2