authenticity-token

Rails InvalidAuthenticityToken with HTTPS + ELB

こ雲淡風輕ζ 提交于 2021-02-08 05:38:46
问题 I'm trying to get HTTPS to work for my site, but I'm getting ActionController::InvalidAuthenticityToken for all post requests. I logged the form_authenticity_param and form_authenticity_token and they are in fact different. The SSL is resolved at the Elastic Load Balancer and a non-SSL request is sent to the web app. The expected CSRF token is stored in the cookie-based session, so the sessions for HTTP and HTTPS appear to expect different tokens. When using HTTP on the site, the post/put

Rails InvalidAuthenticityToken with HTTPS + ELB

风流意气都作罢 提交于 2021-02-08 05:38:40
问题 I'm trying to get HTTPS to work for my site, but I'm getting ActionController::InvalidAuthenticityToken for all post requests. I logged the form_authenticity_param and form_authenticity_token and they are in fact different. The SSL is resolved at the Elastic Load Balancer and a non-SSL request is sent to the web app. The expected CSRF token is stored in the cookie-based session, so the sessions for HTTP and HTTPS appear to expect different tokens. When using HTTP on the site, the post/put

POST request done with Authenticity Token, but exception still rased

对着背影说爱祢 提交于 2019-12-23 04:04:46
问题 My controller is responding to a js GET request, and in my js.erb file I am reporting back with the Fingerprint2 generated browser data of the users browser. This is done with a POST request, because of the large data string, so I have inserted a beforeSend method that adds the Authenticity Token. However, this is rejected with ActionController::InvalidAuthenticityToken - ActionController::InvalidAuthenticityToken . When I check, the header looks like it does in the GET requests that succeed:

POST request done with Authenticity Token, but exception still rased

你离开我真会死。 提交于 2019-12-23 04:04:04
问题 My controller is responding to a js GET request, and in my js.erb file I am reporting back with the Fingerprint2 generated browser data of the users browser. This is done with a POST request, because of the large data string, so I have inserted a beforeSend method that adds the Authenticity Token. However, this is rejected with ActionController::InvalidAuthenticityToken - ActionController::InvalidAuthenticityToken . When I check, the header looks like it does in the GET requests that succeed:

Invalid Auth Token with Rails, Graphql, Apollo Client

瘦欲@ 提交于 2019-12-21 02:30:54
问题 I am trying to get a basic Rails, Graphql, Apollo-Client setup working but having trouble with 422 errors 'invalid auth token' on the rails side. Does my use of apollo look wrong? It is a Rails 5 app with graphql gem and apollo client. const csrfToken = document.getElementsByName('csrf-token')[0].content const client = new ApolloClient({ networkInterface: createNetworkInterface({ uri: '/graphql', credentials: 'same-origin', headers: { 'X-CSRF-Token': csrfToken } }), }); client.query({ query:

Work with authenticity token? Or disable it?

自作多情 提交于 2019-12-11 10:22:35
问题 My mini-web-appliance will submit data samples to a RoR app, which will add them to a MySQL table. I figured out how to form the POST data packet, but what I don't get is how to avoid the authenticity-token problem. Is there a way for my little dumb client to grab the right token and send it back? (I'm guessing not, or it wouldn't be much of a security feature). This is not a highly security-sensitive application, so should I just tell this page to ignore the authentity-token altogether? It

Authenticity_token in Rails + Android

▼魔方 西西 提交于 2019-12-10 13:48:17
问题 I am developing an Android application that communicates with a rails server. I don't want to ignore the authenticity_token but I also don't think asking for it is the right answer. What can be done to protect my POST requests? 回答1: It's uncommon to require authenticity tokens when you use an API, as you would for an Android application; this is because authenticity tokens are generated to protect against cross-site request forgery attacks, which are only possible with a session... and

Rails request forgery protection settings

我是研究僧i 提交于 2019-12-06 05:07:46
问题 please help a newbie in Rails :) I have protect_from_forgery call (which is given by default) with no attributes in my ApplicationController class. Basically here's the code: class ApplicationController < ActionController::Base helper :all # include all helpers, all the time protect_from_forgery helper_method :current_user_session, :current_user filter_parameter_logging :password, :password_confirmation What I assume it should do is: it should prevent any POST requests without correct

How do i add the authenticity token?

江枫思渺然 提交于 2019-12-05 20:00:34
问题 I recently switched to Google closure for a new project. I am having trouble adding the authenticity token to the headers in a ajax call. How do i go about it? My Ajax snippet (using goog.net.XhrIo class): var initialHTMLContent = superField[i].getCleanContents(); var data = goog.Uri.QueryData.createFromMap(new goog.structs.Map({ body: initialHTMLContent })); goog.net.XhrIo.send('/blogs/create', function(e) { var xhr = /** @type {goog.net.XhrIo} */ (e.target); alert(xhr.getResponseXml()); },

Rails request forgery protection settings

穿精又带淫゛_ 提交于 2019-12-04 11:28:57
please help a newbie in Rails :) I have protect_from_forgery call (which is given by default) with no attributes in my ApplicationController class. Basically here's the code: class ApplicationController < ActionController::Base helper :all # include all helpers, all the time protect_from_forgery helper_method :current_user_session, :current_user filter_parameter_logging :password, :password_confirmation What I assume it should do is: it should prevent any POST requests without correct authenticity_token . But when I send post request with jQuery like the one below, it works fine (there's
订阅 authenticity-token