-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rails 5.2 POST to 404 results in 500 due to missing CSRF token #48
Comments
Hello! This is probably related to rails/rails#29742 which moved the protect_from_forgery from the ApplicationController to ActionController::Base in Rails 5.2. Because the
|
I would consider this to be an unhandled bug and will look for a solution when I have time. In the meantime, feel free to send a pull request if any of you already have a fix. |
Hi @yuki24, thanks for the fix! It looks great, however, it seems like a new bug was introduced. If I do
So the
Could you explain what's the motivation? If I remove the newly added |
That's odd. Are you not using action controllers at all? I just tested it with Rails 6.0 and it works fine. $ rails new rambulance48 && cd rambulance48
$ bundle add rambulance
$ rails g rambulance:install
$ vim config/environments/development.rb # update `config.consider_all_requests_local` to `false`
$ rails s
# in other tab:
$ curl -X POST http://localhost:3000/foo Curl's output:
And Rails logs:
|
Interesting, I created new app and it indeed works as expected. No idea what was wrong before. Thanks for the explanation! |
Ok, I tracked down the problem I had. In my example app, I changed
The problem is in commenting out I guess I will used fork your gem because my situation is pretty specific and simply change the rescue block to:
|
…is not loaded addresses an edge case reported on: #48
@adrianhuna I've cut a new release |
It's working without any problems, thanks! |
Hi, I found an issue with POST requests to non-existent endpoints in Rails 5.2 applications. Such requests should result in 404, however, 500 is returned. In Rails 5.1 it works as expected.
I couldn't reproduce it using rspec test, so I am attaching an example Rails application.
https://github.com/adrianhuna/rambulance_example
If you start the server and make request:
curl -X POST http://localhost:3000/foo
you get
In server log you can see that it couldn't handle
InvalidAuthenticityToken
error. However, in an Rails 5.1 app (branchrails_5_1
in the example application), such request results in correct 404 response.The text was updated successfully, but these errors were encountered: