I'm implementing OAuth login using Facebook, and while developing it, on returning after receiving the application (pop-up window), I get the following error:
Failed to authenticate you from Facebook because "Csrf detected."
This is the log:

```
Start GET "/users/auth/facebook/callback" for 127.0.0.1 on 2014-01-23 23:59:58 +0100
ActiveRecord::SchemaMigration Load (0.3ms) SELECT "schema_migrations".* FROM "schema_migrations"
(facebook) The initial phase of the callback.
(facebook) Authentication failed! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF discovered
```
My user model:

```ruby
class User < ActiveRecord::Base
  # Devise modules, including OmniAuth with Facebook as the only provider
  devise :token_authenticatable, :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable, :confirmable,
         :omniauthable, :omniauth_providers => [:facebook]

  before_save :ensure_authentication_token

  has_one :user_settings
  has_many :predictions
  has_many :user_leagues
  has_many :leagues, through: :user_leagues
end
```
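I have my Facebook ID and secret in devise.rb:

```ruby
require "omniauth-facebook"

# Turns off TLS certificate verification in development by redefining the constant
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE if Rails.env.development?

# Facebook app ID and secret are read from the environment
config.omniauth :facebook, ENV["APP_ID"], ENV['FACEBOOK_SECRET']
```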
And I am doing validation through JavaScript:

```coffeescript
jQuery ->
  $('body').prepend('<div id="fb-root"></div>')

  $.ajax
    url: "#{window.location.protocol}//connect.facebook.net/en_US/all.js"
    dataType: 'script'
    cache: true

window.fbAsyncInit = ->
  FB.init(appId: '123512341234', cookie: true)

  $('#sign_in').click (e) ->
    e.preventDefault()
    FB.login (response) ->
```
And a list of the gems in the bundle:
rake (10.1.1) i18n (0.6.9) minitest (4.7.5) multi_json (1.8.4) atomic (1.1.14) thread_safe (0.1.3) tzinfo (0.3.38) activesupport (4.0.0) builder (3.1.4) erubis (2.7.0) rack (1.5.2) rack-test (0.6.2) actionpack (4.0.0) mime-types (1.25.1) polyglot (0.3.3) treetop (1.4.15) mail (2.5.4) actionmailer (4.0.0) activemodel (4.0.0) active_model_serializers (0.8.1) activerecord-deprecated_finders (1.0.3) arel (4.0.1) activerecord (4.0.0) acts_as_votable (0.8.0) addressable (2.3.5) bcrypt-ruby (3.1.2) coderay (1.1.0) better_errors (1.1.0) sass (3.2.13) bootstrap-sass (2.3.2.2) mini_portile (0.5.2) nokogiri (1.6.1) xpath (2.0.0) capybara (2.1.0) certified (0.1.1) ffi (1.9.3) childprocess (0.4.0) coffee-script-source (1.6.3) execjs (2.0.2) coffee-script (2.2.0) thor (0.18.1) railties (4.0.0) coffee-rails (4.0.1) diff-lcs (1.2.5) gherkin (2.12.2) multi_test (0.0.3) cucumber (1.3.10) bundler (1.5.1) hike (1.2.3) tilt (1.4.1) sprockets (2.10.1) sprockets-rails (2.0.1) rails (4.0.0) cucumber-rails (1.4.0) orm_adapter (0.5.0) warden (1.2.3) devise (3.0.4) launchy (2.4.2) email_spec (1.5.0) factory_girl (4.3.0) factory_girl_rails (4.3.0) faker (1.2.0) multipart-post (2.0.0) faraday (0.9.0) hashie (2.0.5) jbuilder (1.0.2) jquery-rails (3.0.4) json (1.8.1) jwt (0.1.11) multi_xml (0.5.5) oauth2 (0.9.3) omniauth (1.2.1) omniauth-oauth2 (1.1.2) omniauth-facebook (1.6.0) pg (0.17.1) rack-cors (0.2.9) rails_serve_static_assets (0.0.2) rails_stdout_logging (0.0.3) rails_12factor (0.0.2) rdoc (3.12.2) rspec-core (2.13.1) rspec-expectations (2.13.0) rspec-mocks (2.13.1) rspec-rails (2.13.1) rubyzip (0.9.9) sass-rails (4.0.1) sdoc (0.3.20) websocket (1.0.7) selenium-webdriver (2.35.1) turbolinks (1.1.1) uglifier (2.1.1)
Rails 4.0.0
Thank you very much in advance!