Comments (5)
The Rails-4 autogenerated CSRF-Token metadata in the header looks like this:

    <meta content="authenticity_token" name="csrf-param">
    <meta content="zBRcZmRkCFO/kKY5l7p+C1MG1MkbFmElJ0i7BeoCVwc=" name="csrf-token">

Maybe the json response should contain a meta-tags dictionary:

    {
      "div_contents": {
        "#main": "....."
      },
      "meta_tags": {
        "csrf-token": "<new token>"
      }
    }
from rails-ajax.
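A client-side sketch of consuming the `meta_tags` dictionary proposed in the comment above. It is an added example, not code from rails-ajax or from the fork mentioned later in the thread; the function names, the allow-list of refreshable tags and the Node stand-in for `document` are assumptions.

```javascript
// Added example (hypothetical helper names, not rails-ajax code).
// Assumed allow-list: only these meta names may be refreshed from a response,
// so a response cannot inject e.g. an http-equiv or refresh tag.
const REFRESHABLE_META = new Set(['csrf-param', 'csrf-token']);

const findMeta = (doc, name) =>
  Array.from(doc.querySelectorAll('meta')).find((m) => m.getAttribute('name') === name);

// Apply the "meta_tags" dictionary of a JSON response; returns the names written.
function applyMetaTags(doc, response) {
  const updated = [];
  for (const [name, content] of Object.entries((response && response.meta_tags) || {})) {
    if (!REFRESHABLE_META.has(name) || typeof content !== 'string') continue;
    let tag = findMeta(doc, name);
    if (!tag) {
      tag = doc.createElement('meta');
      tag.setAttribute('name', name);
      doc.head.appendChild(tag);
    }
    tag.setAttribute('content', content);
    updated.push(name);
  }
  return updated;
}

// Header for the next non-GET Ajax request; Rails checks X-CSRF-Token.
function csrfHeaders(doc) {
  const tag = findMeta(doc, 'csrf-token');
  return tag ? { 'X-CSRF-Token': tag.getAttribute('content') } : {};
}

// Constructed stand-in for `document` so the example also runs under Node.
function makeFakeDocument(initial) {
  const metas = [];
  const createElement = () => {
    const attrs = {};
    return {
      setAttribute: (k, v) => { attrs[k] = String(v); },
      getAttribute: (k) => (k in attrs ? attrs[k] : null),
    };
  };
  const doc = {
    createElement,
    querySelectorAll: () => metas.slice(),
    head: { appendChild: (el) => metas.push(el) },
  };
  applyMetaTags(doc, { meta_tags: initial });
  return doc;
}
```

In a browser, pass the real `document` as `doc` and call `applyMetaTags` before sending the next POST.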
The "Can't verify CSRF token authenticity" happens sometimes in some POST requests.
I have witnessed it in some automated tests, so it is fully reproducible. I did not have time yet to investigate it further, as it did not seem to alter rails-ajax behavior.
However it is the first time I see a 422 HTTP error linked to it.
Are you using Devise for your authentication mechanism?
As a temporary work-around you can specify to not use rails-ajax for the link or form giving this error by using the :use_rails_ajax => false option.
from rails-ajax.
No, I'm using the rails 4 native protect_from_forgery with: :exception helper (in ApplicationController) along with <%= csrf_meta_tags %> in the layout.
I have a fixed forked version: https://github.com/S0lll0s/rails-ajax/tree/master/lib/rails-ajax
You should probably modify it to be a little more extensive / expandable though.
I also found that it didn't work with "regular" form submission (via redirect_to)
from rails-ajax.
Thanks a lot for your contribution!
I will have a look at it soon, add specific tests for it, merge it and deliver a new rails-ajax version (should be beginning of June).
from rails-ajax.
Did you have a chance to test using the fixed forked version on
https://github.com/S0lll0s/rails-ajax/tree/master/lib/rails-ajax?
I did not have time yet to merge the fix. Still in the pipe.
On Sat, Aug 16, 2014 at 3:43 AM, Fabio (f1f5) [email protected] wrote:

Hey guys having the same exact problem.. But strangely only in FireFox.
Works fine in Safari and Chrome... Seems to be happening on all
controllers. I am using Devise. Happens on reg#CREATE ses#CREATE pretty
much everything involving a POST req..

    Started POST "/learn-more" for 127.0.0.1 at 2014-08-15 21:34:25 -0400
    Processing by WelcomeController#create as HTML
    Parameters: {"utf8"=>"✓", "authenticity_token"=>"AL5WuJGPPw9jdsbe2G/ns1C/BKV0u1kp/SJnYc5UmaE=", "learn_more"=> {"full_name"=>"", "email"=>"", "phone"=>""}, "button"=>""}
    Can't verify CSRF token authenticity
    Completed 422 Unprocessable Entity in 6ms

You guys know what's causing this? Thanks!!!
Muriel Salvan http://muriel.x-aeon.com
Lead Software Developer, Ruby/Rails expert, Founder of X-Aeon Solutions
http://x-aeon.com and Riviera Ruby http://rivierarb.fr/
X-Aeon Solutions http://x-aeon.com
from rails-ajax.