Rails + omniauth + facebook - csrf detected

Question

I\'m working on logging in a site via existing facebook account. So I registered a facebook application and stored api and secret

Answer 1

I solved this issue when I deleted 'omniauth.rb' because I already have this config below in devise.rb:

  config.omniauth :facebook, ENV["FB_ID"], ENV["FB_SECRET"],
    scope: 'email',
    info_fields: 'email, first_name, last_name',
    image_size: 'large',  # 50x50, guaranteed ratio
    secure_image_url: true

Remember to restart the sever to test.

Answer 2

I had this issue as well, turns out I still had "sandbox" mode enabled in my Facebook application. Sounds like this may be your issue as well :)

If not, could you please post any related log entries?

Answer 3

For me, I needed to add provider_ignores_state: true to my Omniauth config:

config.omniauth :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'], {
  strategy_class: OmniAuth::Strategies::Facebook,
  provider_ignores_state: true
}

This is on omniauth-facebook gem version 1.6.0.

There is more info also at https://github.com/mkdynamic/omniauth-facebook/issues/73