Rails4 ActionController::InvalidAuthenticityToken error

前端 未结 6 2295
醉酒成梦
醉酒成梦 2021-02-13 00:07

I have Rails4 application running in production, and my visitors run occasionally into ActionController::InvalidAuthenticityToken error, which I cant reproduce. I get 2-4 daily

6条回答
  •  别那么骄傲
    2021-02-13 00:27

    I have the same issue as of now. I have been poking around and I noticed that if I turn cookies off (block the domain to be able to use cookies) I will run into a ActionController::InvalidAuthenticityToken everytime I do a POST.

    So the user has JS enabled but does not allow cookies.

    AFAIK the anti-CSRF token in Rails is sent as a session cookie server side, and then fails since the cookie could not be set.

提交回复
热议问题