ActionController::InvalidAuthenticityToken in RegistrationsController#create

Question

Hi I am using Devise for my user authentication suddenly my new user registration was not working.

this was error I am getting.

ActionController::In         


        

Answer 1

Per the comments in the core application_controller.rb, set protect_from_forgery to the following:

protect_from_forgery with: :null_session

Alternatively, per the docs, simply declaring protect_from_forgery without a :with argument will utilize :null_session by default:

protect_from_forgery # Same as above

UPDATE:

This seems to be a documented bug in the behavior of Devise. The author of Devise suggests disabling protect_from_forgery on the particular controller action that's raising this exception:

# app/controllers/users/registrations_controller.rb
class RegistrationsController < Devise::RegistrationsController
  skip_before_filter :verify_authenticity_token, :only => :create
end

Answer 2

For Rails 5 it could be due to the order in which protect_from_forgery and your before_actions are triggered.

I faced a similar situation recently, even though protect_from_forgery with: :exception was the first line in the ApplicationController, the before_action's were still interfering.

The solution was to change:

protect_from_forgery with: :exception

to:

protect_from_forgery prepend: true, with: :exception

There's a blog post about it here http://blog.bigbinary.com/2016/04/06/rails-5-default-protect-from-forgery-prepend-false.html