Search Results

Search found 15 results on 1 pages for 'invalidauthenticitytoken'.

  • ActiveRecordStore InvalidAuthenticityToken

    - by Andy
    I have recently been using cookie store and I want to transition to active record store. However I keep getting an invalid authenticity token. After deleting my cookies, I was able to access the page just fine, but I don't want all my users to come to my page, get a huge error and then figure out that I want them to delete their cookies. So I made a function called delete cookies: after_filter :delete_cookie def delete_cookie puts "deleting cookies" cookies.to_hash.each_pair do |k, v| puts k cookies.delete(k) end end In application controller, but it doesn't seem to be working correctly. I still see my cookie after visiting any page. I feel like there really should be a better solution but I can't seem to find any so far. Any hints?

  • ActionController::InvalidAuthenticityToken: verified with authentication token on the form!

    - by goodwill
    I don't know why it happens but my form for some reason does not post properly. I am very sure the form contains the required authentication token: <form action="/account/complete_verify_email/4df78710-e27b-4527-bd2d-71cd2e9a1271" method="post"><div style="margin:0;padding:0"><input name="authenticity_token" type="hidden" value="341b07dfa682ed11a045e19956e2e3f5f499e8cb"></div> <input id="password" name="password" type="password"> <input name="commit" type="submit" value="Continue"> </form> Note the authenticity_token is there. What happened? And YOU KNOW WHAT? Quitting Safari and restarting again solved the issue... but I can't think of what kind of intermittent behaviour could cause such a problem.

  • InvalidAuthenticityToken for JQuery despite setting authenticity token

    - by user117046
    I'm getting an InvalidAuthenticityToken despite adding in corresponding authenticity tokens in the jquery response. Is there an error in the code, or is there another, root problem? I appreciate any comments. Thanks! Using: Rails 2.3.3, Ruby 1.8.6, Webrick, JQuery 1.3.2 layout/networks.html.haml = token_tag = javascript_tag "window.AUTH_TOKEN = '#{form_authenticity_token}';" javascripts/application.js $(document).ready(function() { // All non-GET requests will add the authenticity token // if not already present in the data packet $(document).ajaxSend(function(event, request, settings) { if (typeof(window.AUTH_TOKEN) == "undefined") return; // IE6 fix for http://dev.jquery.com/ticket/3155 if (settings.type == 'GET' || settings.type == 'get') return; settings.data = settings.data || ""; settings.data += (settings.data ? "&" : "") + "authenticity_token=" + encodeURIComponent(window.AUTH_TOKEN); }); ajaxLinks(); }); The rendered html has: <input name="authenticity_token" type="hidden" value="ZaXj3ACQl+8JKtaDAUoxtSsqzEagSPyHbS25ai9qWCw=" /> <script type="text/javascript"> //<![CDATA[ window.AUTH_TOKEN = 'ZaXj3ACQl+8JKtaDAUoxtSsqzEagSPyHbS25ai9qWCw='; //]]> </script> and breakpointing through, shows that window.AUTH_TOKEN has been set. Any help to resolve this would be great.

  • ActiveRecordStore ruby

    - by Andy
    I've had two previous questions about active record store that all came down to the same thing. Here's what I want: I want to access the session at any time and see who is online right now and access their session variable from anywhere. I need this because: Users are separated into groups. If one person logs in he receives an api token that I receive from some third party site. If a person from the same group logs in he needs to have that same api token in his session. I cannot regenerate new api tokens on a per call basis. I think active record store is a perfect solution for me, however, I have a problem implementing it!!! InvalidAuthenticityToken keeps getting thrown because I used to use the default cookie store. Thus I made this script to delete cookies but it does not seem to work: In application controller after_filter :delete_cookie def delete_cookie puts "deleting cookies" cookies.to_hash.each_pair do |k, v| puts k cookies.delete(k) end end The only other response I got was to remove protect from forgery. http://stackoverflow.com/questions/2941664/activerecordstore-invalidauthenticitytoken

  • Commenting out protect_from_forgery

    - by Andy
    Hi, I was trying to use active record store but I kept getting an invalid authenticity token. Someone told me to remove my protect_from_forgery from application controller. I know that this would remove all auth tokens but I'm not sure if this is a good idea. Does active record store not need auth tokens? By the way, all I need is a way to dynamically calculate the number of users online and their session variables. If there is a better way than using active record store it would be nice to know.

  • Rails choking on the content of this request because of protect_from_forgery

    - by randombits
    I'm trying to simply test my RESTful API with cURL. Using the following invocation: curl -d "name=jimmy" -H "Content-Type: application/x-www-form-urlencoded" http://127.0.0.1:3000/people.xml -i Rails is dying though: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): :8:in `synchronize' Looks like it's running this through a protect_from_forgery filter. I thought protect_from_forgery is excluded for non-HTML HTTP POST/PUT/DELETE type requests? This is clearly targeting the XML format. If I pass actual XML content, it works. But my users will be submitting POST data as URL encoded parameters. I know all the various ways I can disable protect_from_forgery but what's the proper way of handling this? I want to leave it on so that when I do have HTML based forms and handle format.html, I don't forget to re-enable it for then. I want users to be able to make HTTP POST requests to my XML-based API though and not get bombarded with this.

  • Rails app returns HTTP 422 for new ServerAlias - Internet Explorer only

    - by Snips
    I have a long-standing Rails app running on Mac OS X (apache2). The set-up uses Apache virtual hosts and Passenger. The Rails app also uses HTTP Basic Authentication. I need to migrate the app from one url domain to another - with some overlap of both domain names being accessible simultaneously for a period. To do this, I've added the new domain name as a ServerAlias of the existing domain name in the Passenger Virtual Host config. I can now browse the Rails app using both the legacy url, and the new url from any of Safari, Chrome, Firefox, or Internet Explorer. I can also 'HTTP post' updates to the Rails app using Safari, Chrome, or Firefox. All good. Except, attempts to post updates from Internet Explorer result in the Rails app rejecting the update. The Rails app log contains the message: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): I have other domains & aliases working just fine on this same machine. Any suggestions as to what is causing the Rails app to reject posts from IE would be appreciated.

  • RMagick Error in rails, with AM Charts

    - by Elliot
    Hi Everyone, I'm using AMCharts and rails. AMCharts uses the ImageMagick lib to export an image of the chart. In rails this is done with the gem, RMagick. In a controller this is implemented with the following controller method: def export width = params[:width].to_i height = params[:height].to_i data = {} img = Magick::Image.new(width, height) height.times do |y| row = params["r#{y}"].split(',') row.size.times do |r| pixel = row[r].to_s.split(':') pixel[0] = pixel[0].to_s.rjust(6, '0') if pixel.size == 2 pixel[1].to_i.times do (data[y] ||= []) << pixel[0] end else (data[y] ||= []) << pixel[0] end end width.times do |x| img.pixel_color(x, y, "##{data[y][x]}") end end img.format = "PNG" send_data(img.to_blob , :disposition => 'inline', :type => 'image/png', :filename => "chart.png?#{rand(99999999).to_i}") end When the controller is accessed however, I receive this error in the page: The change you wanted was rejected. Maybe you tried to change something you didn't have access to. And this error in the logs (it's running on heroku btw): ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): /home/heroku_rack/lib/static_assets.rb:9:in `call' /home/heroku_rack/lib/last_access.rb:25:in `call' /home/heroku_rack/lib/date_header.rb:14:in `call' thin (1.0.1) lib/thin/connection.rb:80:in `pre_process' thin (1.0.1) lib/thin/connection.rb:78:in `catch' thin (1.0.1) lib/thin/connection.rb:78:in `pre_process' thin (1.0.1) lib/thin/connection.rb:57:in `process' thin (1.0.1) lib/thin/connection.rb:42:in `receive_data' eventmachine (0.12.6) lib/eventmachine.rb:240:in `run_machine' eventmachine (0.12.6) lib/eventmachine.rb:240:in `run' thin (1.0.1) lib/thin/backends/base.rb:57:in `start' thin (1.0.1) lib/thin/server.rb:150:in `start' thin (1.0.1) lib/thin/controllers/controller.rb:80:in `start' thin (1.0.1) lib/thin/runner.rb:173:in `send' thin (1.0.1) lib/thin/runner.rb:173:in `run_command' thin (1.0.1) lib/thin/runner.rb:139:in `run!' 
thin (1.0.1) bin/thin:6 /usr/local/bin/thin:20:in `load' /usr/local/bin/thin:20 Rendering /disk1/home/slugs/149903_609c236_eb4f/mnt/public/422.html (422 Unprocessable Entity) Anyone have any idea what's going on here?

  • Uploadify and rails 3 authenticity tokens

    - by Ceilingfish
    Hi chaps, I'm trying to get a file upload progress bar working in a rails 3 app using uploadify (http://www.uploadify.com) and I'm stuck at authenticity tokens. My current uploadify config looks like <script type="text/javascript" charset="utf-8"> $(document).ready(function() { $("#zip_input").uploadify({ 'uploader': '/flash/uploadify.swf', 'script': $("#upload").attr('action'), 'scriptData': { 'format': 'json', 'authenticity_token': encodeURIComponent('<%= form_authenticity_token if protect_against_forgery? %>') }, 'fileDataName': "world[zip]", //'scriptAccess': 'always', // Incomment this, if for some reason it doesn't work 'auto': true, 'fileDesc': 'Zip files only', 'fileExt': '*.zip', 'width': 120, 'height': 24, 'cancelImg': '/images/cancel.png', 'onComplete': function(event, data) { $.getScript(location.href) }, // We assume that we can refresh the list by doing a js get on the current page 'displayData': 'speed' }); }); </script> But I am getting this response from rails: Started POST "/worlds" for 127.0.0.1 at 2010-04-22 12:39:44 ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): Rendered /opt/local/lib/ruby/gems/1.8/gems/actionpack-3.0.0.beta3/lib/action_dispatch/middleware/templates/rescues/_trace.erb (1.0ms) Rendered /opt/local/lib/ruby/gems/1.8/gems/actionpack-3.0.0.beta3/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (6.6ms) Rendered /opt/local/lib/ruby/gems/1.8/gems/actionpack-3.0.0.beta3/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (12.2ms) This appears to be because I'm not sending the authentication cookie along with the request. Does anyone know how I can get the values I should be sending there, and how I can make rails read it from HTTP POST rather than trying to find it as a cookie?

  • Ruby on Rails Invalid Authenticity Token when using IE

    - by Jaan J
    Hi, well for some strange reason IE gives me an InvalidAuthenticityToken error almost every time a POST query is used. Seems to be that IE does not like the "/" and "=" characters sometimes found in authenticity_token. So I wondered if anyone has actually found a solution to this? More strange is that no other browser seems to behave that way. Thanks in advance.

  • protect_from_forgery & Unobtrusive Javascript

    - by Matt Grande
    Hi all, I have some javascript making an ajax call in my Rails site: $.ajax({type: "PUT", url: url, data: { dummy: data }, complete: function(data) {}}); When Rails gets it, it throws back an ActionController::InvalidAuthenticityToken Error. I'd like to keep the protect_from_forgery stuff in there, if possible... But I'm at a loss for how can I pass the auth token from a javascript file? Can anyone help me out?

  • Devise / Rails 4 Windows mobile authentication failure

    - by Nic Willemse
    I'm using devise with a rails 4 application. Authentication works fine on most devices, including some old feature phones. I am however running into problems with the Nokia Lumia. Please see log snippet below. By the looks of things this appears to be a rails issue rather than a devise problem. Please Help! 014-05-30T09:47:38.668478+00:00 app[web.1]: Started POST "/users/sign_in" for 197.111.223.249 at 2014-05-30 09:47:38 +0000 2014-05-30T09:47:38.668505+00:00 app[web.1]: Started POST "/users/sign_in" for 197.111.223.249 at 2014-05-30 09:47:38 +0000 2014-05-30T09:47:38.672961+00:00 app[web.1]: Processing by Devise::SessionsController#create as HTML 2014-05-30T09:47:38.672968+00:00 app[web.1]: Processing by Devise::SessionsController#create as HTML 2014-05-30T09:47:38.674163+00:00 app[web.1]: Can't verify CSRF token authenticity 2014-05-30T09:47:38.673021+00:00 app[web.1]: Parameters: {"utf8"="?", "authenticity_token"="Ckyw9vAfxbgksugLMainfWoG2jRdq7GB5xBBGxqYhCs=", "user"={"email"="", "password"="[FILTERED]", "remember_me"="0"}, "commit"="Sign in"} 2014-05-30T09:47:38.673027+00:00 app[web.1]: Parameters: {"utf8"="?", "authenticity_token"="Ckyw9vAfxbgksugLMainfWoG2jRdq7GB5xBBGxqYhCs=", "user"={"email"="", "password"="[FILTERED]", "remember_me"="0"}, "commit"="Sign in"} 2014-05-30T09:47:38.674170+00:00 app[web.1]: Can't verify CSRF token authenticity 2014-05-30T09:47:38.677792+00:00 app[web.1]: Completed 422 Unprocessable Entity in 5ms 2014-05-30T09:47:38.677799+00:00 app[web.1]: Completed 422 Unprocessable Entity in 5ms 2014-05-30T09:47:38.683294+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): 2014-05-30T09:47:38.683299+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.1/lib/action_controller/metal/request_forgery_protection.rb:170:in handle_unverified_request' 2014-05-30T09:47:38.683289+00:00 app[web.1]: 2014-05-30T09:47:38.683298+00:00 app[web.1]: 
vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.1/lib/action_controller/metal/request_forgery_protection.rb:163:inhandle_unverified_request' 2014-05-30T09:47:38.683303+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.1/lib/action_controller/metal/request_forgery_protection.rb:177:in verify_authenticity_token' 2014-05-30T09:47:38.683305+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.0.1/lib/active_support/callbacks.rb:417:in_run__3672081613755604432__process_action__callbacks' Form : <%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => {:class => "form-signin"}) do |f| %> <h2 class="form-signin-heading">Sign in</h2> <%= devise_error_messages! %> <div><%= f.label :email %><br /> <%= f.email_field :email, :autofocus => true, :class=> "form-control" %></div> <div><%= f.label :password %><br /> <%= f.password_field :password , :class=> "form-control"%></div> <% if devise_mapping.rememberable? -%> <div><%= f.check_box :remember_me, :class=> "form-control"%> <%= f.label :remember_me %></div> <% end -%> <div><%= f.submit "Sign in" ,:class => "btn btn-lg btn-primary btn-block"%></div> <input name="authenticity_token" type="hidden" value="<%= form_authenticity_token %>"/> <%= render "devise/shared/links" %> <% end %>

  • App session cookie not being created in Rails, sporadically

    - by James
    Hi everyone, This is an issue sporadically for very few users, however we haven't been able to replicate it. However I have now got a Chrome instance (Mac) which is reproducing the error (for some unknown reason), and I hope to not restart it until I have this nailed! Rails application, using memcached for session store. While the bug manifests in the _app_session_id cookie not being created, our javascript-generated cookie test and app-generated language cookies are being created successfully. This means that InvalidAuthenticityToken errors are thrown for every form that is submitted by those afflicted - people can't log into the app. The error occurs across all browsers - had reports for IE7 and Firefox (which most users use). Switching to another browser often fixes the issue (though not always), and standard cache-cookie-clear tactics do not. So now that I have got Chrome open which is having the same issue - in development, staging and live environments (meaning http and https). All other browsers are fine. I've restarted the servers and restarted memcached. I don't really want to restart Chrome - in the risk that the issue does go away with that (having said that, it hasn't worked for users). I've been tcpdumping the requests - and although I'll keep digging, I'd love it if anyone had any suggestions, places to start looking, anything. This is really painful ;) Thanks!
