Thursday, 12 September 2013

Rails 3: Getting CSRF Warning even though authenticity_token exists

On multiple parts of my page I'm receiving WARNING: Can't verify CSRF
token authenticity in my log file, which is resetting my sessions.
However, I have the authenticity tokens:

    Started POST "/check_out/shopping_cart_with_authenticated_user" for 10.189.254.5 at 2013-09-12 11:19:02 -0400
    Processing by CheckOutController#shopping_cart_with_authenticated_user as HTML
    Parameters: {"utf8"=>"✓", "authenticity_token"=>"rGcLQAR/s7zRNf2WEqkuD7ar8IXs0alt7szJKSfgLio="}
    SESSION VARIABLES ARE: {}
    WARNING: Can't verify CSRF token authenticity

and here:

    Processing by SessionsController#create as HTML
    Parameters: {"utf8"=>"✓", "authenticity_token"=>"N1F53oN1fTv2Ysg/27biH14dDyTtkm2RinAUqSHwGAs=", "user"=>{"email"=>"liz@nsdfsdfsdfsry.com", "password"=>"[FILTERED]"}, "commit"=>"Sign in"}
    SESSION VARIABLES ARE: {"current_cart_id"=>55175183, "_csrf_token"=>"HzPm7DHLslbV76wJ3ahCqPkOO4bv5k5CkjKBe3C9WHE=", "flash"=>#<ActionDispatch::Flash::FlashHash:0x00000005f1e028 @used=#<Set: {}>, @closed=false, @flashes={}, @now=#<ActionDispatch::Flash::FlashNow:0x00000005e81570 @flash=#<ActionDispatch::Flash::FlashHash:0x00000005f1e028 ...>>>, "warden.user.user.key"=>["User", [358060], "$2a$12$VcSeYjhwx6JkgERnlN0clu"], "logged_in_by_password"=>true, "user_id"=>358060}
    WARNING: Can't verify CSRF token authenticity

What's the deal? I'm using Rails generated forms. Here's an example of a
Devise form I'm using:

    <%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
      <%= token_tag form_authenticity_token %>
      <div class="formField"><label for="email">Email <span>example: jane@example.com</span></label>
        <%= f.email_field :email, :autofocus => true, :id => "email", :class => "textfield col" %></div>
      <div class="formField"><label for="password">Password <span>is cAsE sEnSiTiVe</span></label>
        <%= f.password_field :password, :class => "textfield col" %></div>
      <div><%= f.submit "Sign in", :disable_with => "Signing in&#8230;".html_safe, :id => 'log_in', :class => 'button-red-shiny full-width ' %></div>
    <% end %>
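
An added example, not part of the original post: a Ruby triage helper for log text in the shape shown above. Rails 3 verifies a request by comparing the submitted `authenticity_token` (or the `X-CSRF-Token` header) with the session's `_csrf_token`, so the helper tells apart a session that arrived with no token from a session whose token differs from the submitted one. The `SESSION VARIABLES ARE:` line is the poster's own logging, assumed here to be on one line; the sample log, controller names, and token values are constructed.

```ruby
# Added example: classify Rails 3 CSRF warnings from log text.
# Assumption: the app logs its session on one line as
# "SESSION VARIABLES ARE: {...}" (the poster's own logging, not a Rails default).
CSRF_WARNING = "Can't verify CSRF token authenticity"

# Returns one { action:, cause: } hash per request that logged the warning.
def classify_csrf_warnings(log)
  log.split(/^(?=Processing by )/).map { |chunk|
    next unless chunk.include?(CSRF_WARNING)
    submitted = chunk[/"authenticity_token"=>"([^"]*)"/, 1]
    session   = chunk[/^SESSION VARIABLES ARE: (.*)$/, 1]
    stored    = session && session[/"_csrf_token"=>"([^"]*)"/, 1]
    cause =
      if    submitted.nil?      then :no_token_submitted
      elsif session.nil?        then :session_not_logged
      elsif stored.nil?         then :session_has_no_token # session arrived without a token
      elsif stored != submitted then :token_mismatch       # form token is from another session
      else :tokens_match                                   # unexpected alongside the warning
      end
    { action: chunk[/^Processing by (\S+)/, 1], cause: cause }
  }.compact
end

# Constructed sample log (not the poster's data): two failing requests, one clean.
SAMPLE_LOG = <<~'LOG'
  Started POST "/cart" for 192.0.2.10 at 2013-09-12 11:19:02 -0400
  Processing by CartController#update as HTML
    Parameters: {"authenticity_token"=>"AAAA1111="}
  SESSION VARIABLES ARE: {}
  WARNING: Can't verify CSRF token authenticity
  Started POST "/login" for 192.0.2.10 at 2013-09-12 11:19:05 -0400
  Processing by LoginController#create as HTML
    Parameters: {"authenticity_token"=>"BBBB2222=", "commit"=>"Sign in"}
  SESSION VARIABLES ARE: {"_csrf_token"=>"CCCC3333=", "user_id"=>1}
  WARNING: Can't verify CSRF token authenticity
  Processing by HomeController#index as HTML
  Completed 200 OK
LOG

classify_csrf_warnings(SAMPLE_LOG).each do |r|
  puts "#{r[:action]}: #{r[:cause]}"
end
```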
