Rails 4 + omniauth facebook - csrf detected

Question

Rails 4 + omniauth facebook - csrf detected

I am working on my RoR4 application to allow users to log in through an existing facebook account. I registered the facebook application (live and verified version) and saved its api and secret in development.rb . I used omniauth-facebook and invented gems and ran into the " Csrf detected " problem.

My application code is very inspired by this blog: http://sourcey.com/rails-4-omniauth-using-devise-with-twitter-facebook-and-linkedin/

I saw the solution from a stackoverflow post from 2 years ago ( Rails + omniauth + facebook - csrf detected ) - but the latest version of omniauth-facebook is much bigger than the published one. In any case, I tried to return to omniauth-facebook gem before version 1.4.1, and I still ran into this problem.

Gems

 oauth2 (1.0.0) omniauth (1.2.2) omniauth-facebook (2.0.1) omniauth-oauth2 (1.3.1)

Ideas?

Error log

 (facebook) Callback phase initiated. (facebook) Callback phase initiated. (facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

+6

facebook ruby-on-rails-4 devise omniauth omniauth-facebook

user1818524 Jul 29 '15 at 4:34

source share

1 answer

Sibin xavier · Accepted Answer · 2015-11-13T10:23:12+0000

I have a similar problem with device and omniauth-facebook, but that was my mistake.

I previously added the identifier and secrets of facebook both in the initializer device.rb and omniauth.rb (both are initializers in the config/initializers folder). I deleted these facebook configurations from omniauth.rb and restarted the server and it works.

Please check your device.rb initializers and others related to omniauth.

Maybe it works.

Rails 4 + omniauth facebook - csrf detected

More articles: