Rails: CSRF token not working but configured

Question

Rails: CSRF token not working but configured

I have a rails 3 application for heroku, and when I send banking information, I get: WARNING: Can't verify CSRF token authenticitybut my CSRF token is configured. https://gist.github.com/anonymous/7081401

$.ajax({ url: '#{credit_cards_path}', 
type: 'POST',
beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', '#{form_authenticity_token}')},
dataType: "json",
data: { cc_uri: response.data.uri, 
        address: $('.address').val()
        // etc ...
      },
success: function(randomobject) {
  window.location = '/products/' + randomobject.value + '/receipt';
  }
});

hero magazines

829962+00:00 app[web.1]: Started POST "/products/2/card" for 100.2.109.97 at 2013-10-21 09:13:03 +0000
835379+00:00 app[web.1]: WARNING: Can't verify CSRF token authenticity
834929+00:00 app[web.1]: Processing by CreditcardsController#addcard as HTML
834929+00:00 app[web.1]: Parameters: {"state"=>"NY", "id"=>"2"}
604099+00:00 heroku[router]: at=info method=POST path=/products/2/card host=app.herokuapp.com fwd="100.2.109.97" dyno=web.1 connect=1ms service=1781ms status=500 bytes=643
604259+00:00 app[web.1]:
602739+00:00 app[web.1]: Completed 500 Internal Server Error in 1768ms
604259+00:00 app[web.1]: Balanced::BadRequest (Balanced::BadRequest(400)::Bad Request:: POST https://api.balancedpayments.com/v1/customers: request: Invalid field [card_uri] - "None" must be a string URI Your request id is OHMfe86f2883a3011e3980d02a1fe53e539. ):

+4

ruby ruby-on-rails heroku

Alain goldman Oct 21 '13 at 20:02

source share

1 answer

Richard Peck · Answer 1 · 2013-10-25T08:27:30+0000

Maybe you should use #{form_authenticity_token}

According to this source WARNING: It is not possible to verify the CSRF token authentication rails , you should be able to use this code:

headers: {
  'X-Transaction': 'POST Example',
  'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
},

Rails: CSRF token not working but configured

More articles: