Rails: Unable to validate CSRF token
The My Rails application unexpectedly started producing the following error:
Can't verify CSRF token authenticity ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
I haven't made any changes to the application, so I am completely confused as to what is causing this problem. The complete error log is shown below. I took out the authentication token, but confirmed that the token is valid for the current user (by checking in the console).
2015-05-13T01:44:49.038482+00:00 app[web.1]: I, [2015-05-13T01:44:49.038369 #9] INFO -- : Started POST "/projects?auth_token=xxx" for 76.118.180.235 at 2015-05-13 01:44:49 +0000
2015-05-13T01:44:49.044865+00:00 app[web.1]: I, [2015-05-13T01:44:49.044762 #9] INFO -- : Completed 422 Unprocessable Entity in 1ms
2015-05-13T01:44:49.119991+00:00 app[web.1]: I, [2015-05-13T01:44:49.119893 #9] INFO -- : Processing by SpinsController#create as JSON
2015-05-13T01:44:49.120060+00:00 app[web.1]: I, [2015-05-13T01:44:49.119998 #9] INFO -- : Parameters: {"spin"=>{}, "auth_token"=>"xxx"}
2015-05-13T01:44:49.120537+00:00 app[web.1]: W, [2015-05-13T01:44:49.120469 #9] WARN -- : Can't verify CSRF token authenticity
2015-05-13T01:44:49.122935+00:00 app[web.1]: F, [2015-05-13T01:44:49.122841 #9] FATAL -- :
2015-05-13T01:44:49.122938+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2015-05-13T01:44:49.122940+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
2015-05-13T01:44:49.122941+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
2015-05-13T01:44:49.122943+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/devise-3.4.1/lib/devise/controllers/helpers.rb:251:in `handle_unverified_request'
2015-05-13T01:44:49.122945+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'
2015-05-13T01:44:49.122946+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:427:in `block in make_lambda'
2015-05-13T01:44:49.122948+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `call'
2015-05-13T01:44:49.122949+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `block in halting'
2015-05-13T01:44:49.122951+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `call'
2015-05-13T01:44:49.122952+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `_run_callbacks'
2015-05-13T01:44:49.043562+00:00 app[web.1]: I, [2015-05-13T01:44:49.043425 #9] INFO -- : Processing by ProjectsController#create as JSON
2015-05-13T01:44:49.043630+00:00 app[web.1]: I, [2015-05-13T01:44:49.043582 #9] INFO -- : Parameters: {"project"=>{"name"=>"New Set"}, "auth_token"=>"xxx"}
2015-05-13T01:44:49.044251+00:00 app[web.1]: W, [2015-05-13T01:44:49.044184 #9] WARN -- : Can't verify CSRF token authenticity
2015-05-13T01:44:49.047524+00:00 app[web.1]: F, [2015-05-13T01:44:49.047435 #9] FATAL -- :
2015-05-13T01:44:49.047527+00:00 app[web.1]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2015-05-13T01:44:49.047528+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
2015-05-13T01:44:49.122954+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_process_action_callbacks'
2015-05-13T01:44:49.122955+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.122957+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/callbacks.rb:19:in `process_action'
2015-05-13T01:44:49.122959+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rescue.rb:29:in `process_action'
2015-05-13T01:44:49.122961+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
2015-05-13T01:44:49.122962+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `block in instrument'
2015-05-13T01:44:49.122964+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
2015-05-13T01:44:49.047530+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
2015-05-13T01:44:49.047532+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/devise-3.4.1/lib/devise/controllers/helpers.rb:251:in `handle_unverified_request'
2015-05-13T01:44:49.047534+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'
2015-05-13T01:44:49.047535+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:427:in `block in make_lambda'
2015-05-13T01:44:49.122965+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `instrument'
2015-05-13T01:44:49.122968+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
2015-05-13T01:44:49.122969+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
2015-05-13T01:44:49.122971+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
2015-05-13T01:44:49.122973+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/base.rb:137:in `process'
2015-05-13T01:44:49.122975+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionview-4.2.0/lib/action_view/rendering.rb:30:in `process'
2015-05-13T01:44:49.122977+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:195:in `dispatch'
2015-05-13T01:44:49.122979+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
2015-05-13T01:44:49.122981+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:236:in `block in action'
2015-05-13T01:44:49.123001+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `call'
2015-05-13T01:44:49.123002+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
2015-05-13T01:44:49.047537+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `call'
2015-05-13T01:44:49.047538+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:163:in `block in halting'
2015-05-13T01:44:49.047540+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `call'
2015-05-13T01:44:49.047541+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:92:in `_run_callbacks'
2015-05-13T01:44:49.047543+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_process_action_callbacks'
2015-05-13T01:44:49.047544+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.047546+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/callbacks.rb:19:in `process_action'
2015-05-13T01:44:49.123004+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:42:in `serve'
2015-05-13T01:44:49.123005+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:43:in `block in serve'
2015-05-13T01:44:49.123007+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `each'
2015-05-13T01:44:49.123008+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `serve'
2015-05-13T01:44:49.123009+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:802:in `call'
2015-05-13T01:44:49.123011+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.047547+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rescue.rb:29:in `process_action'
2015-05-13T01:44:49.047549+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
2015-05-13T01:44:49.047550+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `block in instrument'
2015-05-13T01:44:49.047551+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
2015-05-13T01:44:49.047553+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/notifications.rb:164:in `instrument'
2015-05-13T01:44:49.047554+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
2015-05-13T01:44:49.047555+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
2015-05-13T01:44:49.123012+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.123013+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.123015+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.123022+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/builder.rb:59:in `call'
2015-05-13T01:44:49.123023+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:14:in `_call'
2015-05-13T01:44:49.123025+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:10:in `call'
2015-05-13T01:44:49.123026+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:35:in `block in call'
2015-05-13T01:44:49.123027+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `catch'
2015-05-13T01:44:49.123029+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `call'
2015-05-13T01:44:49.047556+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
2015-05-13T01:44:49.047557+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/abstract_controller/base.rb:137:in `process'
2015-05-13T01:44:49.047559+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionview-4.2.0/lib/action_view/rendering.rb:30:in `process'
2015-05-13T01:44:49.047560+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:195:in `dispatch'
2015-05-13T01:44:49.047561+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
2015-05-13T01:44:49.047562+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_controller/metal.rb:236:in `block in action'
2015-05-13T01:44:49.047564+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `call'
2015-05-13T01:44:49.047588+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
2015-05-13T01:44:49.123030+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/etag.rb:24:in `call'
2015-05-13T01:44:49.123031+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/conditionalget.rb:38:in `call'
2015-05-13T01:44:49.123033+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/head.rb:13:in `call'
2015-05-13T01:44:49.123034+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
2015-05-13T01:44:49.047589+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:42:in `serve'
2015-05-13T01:44:49.047590+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:43:in `block in serve'
2015-05-13T01:44:49.047592+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `each'
2015-05-13T01:44:49.047593+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/journey/router.rb:30:in `serve'
2015-05-13T01:44:49.047594+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/routing/route_set.rb:802:in `call'
2015-05-13T01:44:49.047595+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.047597+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.047598+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:186:in `call!'
2015-05-13T01:44:49.123035+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/flash.rb:260:in `call'
2015-05-13T01:44:49.123037+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:225:in `context'
2015-05-13T01:44:49.047599+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
2015-05-13T01:44:49.047610+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.2/lib/omniauth/builder.rb:59:in `call'
2015-05-13T01:44:49.047612+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:14:in `_call'
2015-05-13T01:44:49.047613+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/jquery-fileupload-rails-0.4.4/lib/jquery/fileupload/rails/middleware.rb:10:in `call'
2015-05-13T01:44:49.047614+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:35:in `block in call'
2015-05-13T01:44:49.047616+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `catch'
2015-05-13T01:44:49.047617+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/warden-1.2.3/lib/warden/manager.rb:34:in `call'
2015-05-13T01:44:49.123038+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:220:in `call'
2015-05-13T01:44:49.123039+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/cookies.rb:560:in `call'
2015-05-13T01:44:49.123041+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/query_cache.rb:36:in `call'
2015-05-13T01:44:49.123042+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/connection_adapters/abstract/connection_pool.rb:647:in `call'
2015-05-13T01:44:49.123044+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
2015-05-13T01:44:49.123045+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `call'
2015-05-13T01:44:49.047618+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/etag.rb:24:in `call'
2015-05-13T01:44:49.047620+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/conditionalget.rb:38:in `call'
2015-05-13T01:44:49.047621+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/head.rb:13:in `call'
2015-05-13T01:44:49.047623+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
2015-05-13T01:44:49.047624+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/flash.rb:260:in `call'
2015-05-13T01:44:49.047625+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:225:in `context'
2015-05-13T01:44:49.047627+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/session/abstract/id.rb:220:in `call'
2015-05-13T01:44:49.047628+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/cookies.rb:560:in `call'
2015-05-13T01:44:49.123046+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `_run_callbacks'
2015-05-13T01:44:49.123048+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_call_callbacks'
2015-05-13T01:44:49.123049+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.123050+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
2015-05-13T01:44:49.047630+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/query_cache.rb:36:in `call'
2015-05-13T01:44:49.123051+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
2015-05-13T01:44:49.123053+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
2015-05-13T01:44:49.123054+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
2015-05-13T01:44:49.123055+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:38:in `call_app'
2015-05-13T01:44:49.123056+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:22:in `call'
2015-05-13T01:44:49.047631+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activerecord-4.2.0/lib/active_record/connection_adapters/abstract/connection_pool.rb:647:in `call'
2015-05-13T01:44:49.047632+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
2015-05-13T01:44:49.047633+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `call'
2015-05-13T01:44:49.047635+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:88:in `_run_callbacks'
2015-05-13T01:44:49.047636+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:734:in `_run_call_callbacks'
2015-05-13T01:44:49.047637+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/callbacks.rb:81:in `run_callbacks'
2015-05-13T01:44:49.047638+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
2015-05-13T01:44:49.123058+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/request_id.rb:21:in `call'
2015-05-13T01:44:49.123059+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/methodoverride.rb:22:in `call'
2015-05-13T01:44:49.123060+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/runtime.rb:18:in `call'
2015-05-13T01:44:49.123062+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
2015-05-13T01:44:49.123063+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/sendfile.rb:113:in `call'
2015-05-13T01:44:49.123064+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/engine.rb:518:in `call'
2015-05-13T01:44:49.123065+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/application.rb:164:in `call'
2015-05-13T01:44:49.047639+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
2015-05-13T01:44:49.047641+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
2015-05-13T01:44:49.047642+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
2015-05-13T01:44:49.047643+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:38:in `call_app'
2015-05-13T01:44:49.047644+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/rack/logger.rb:22:in `call'
2015-05-13T01:44:49.047645+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/actionpack-4.2.0/lib/action_dispatch/middleware/request_id.rb:21:in `call'
2015-05-13T01:44:49.047646+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/methodoverride.rb:22:in `call'
2015-05-13T01:44:49.123067+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:576:in `process_client'
2015-05-13T01:44:49.123068+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:670:in `worker_loop'
2015-05-13T01:44:49.123070+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:525:in `spawn_missing_workers'
2015-05-13T01:44:49.123071+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:140:in `start'
2015-05-13T01:44:49.123072+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/bin/unicorn:126:in `<top (required)>'
2015-05-13T01:44:49.123074+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `load'
2015-05-13T01:44:49.123076+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `<main>'
2015-05-13T01:44:49.123078+00:00 app[web.1]:
2015-05-13T01:44:49.047648+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/runtime.rb:18:in `call'
2015-05-13T01:44:49.123079+00:00 app[web.1]:
2015-05-13T01:44:49.047649+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/activesupport-4.2.0/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
2015-05-13T01:44:49.047650+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/rack-1.6.0/lib/rack/sendfile.rb:113:in `call'
2015-05-13T01:44:49.047651+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/engine.rb:518:in `call'
2015-05-13T01:44:49.047653+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/railties-4.2.0/lib/rails/application.rb:164:in `call'
2015-05-13T01:44:49.047654+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:576:in `process_client'
2015-05-13T01:44:49.047655+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:670:in `worker_loop'
2015-05-13T01:44:49.047656+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:525:in `spawn_missing_workers'
2015-05-13T01:44:49.047657+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/lib/unicorn/http_server.rb:140:in `start'
2015-05-13T01:44:49.047658+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.3/bin/unicorn:126:in `<top (required)>'
2015-05-13T01:44:49.047660+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `load'
2015-05-13T01:44:49.047661+00:00 app[web.1]: vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `<main>'
As I'm sure the site was working 3 days ago, I returned the code thinking that there might have been an update for the Gem I was using might have caused this issue. But it didn't seem to fix the problem.
Does anyone else encounter a similar error, and if so, do you know how to fix it? I've already tried several suggestions from various StackOverflow posts to no avail (for example adding to my application_controller.rb "protect_from_forgery with :: null_session")
I currently have the following in my session controller:
class SessionsController < ApplicationController
skip_before_filter :verify_authenticity_token,
:if => Proc.new { |c| c.request.format == 'application/json' }
And I have the following line in my application.html.erb
<%= csrf_meta_tags %>
After some suggestions, I added the following to my application_controller.rb:
before_filter :cor
rescue_from ActionController::InvalidAuthenticityToken, :with => :bad_token
def bad_token
Rails.logger.debug("session expired!")
end
private
def cor
headers["Access-Control-Allow-Origin"] = "*"
headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE}.join(",")
headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(",")
head(:ok) if request.request_method == "OPTIONS"
end
However, I still get the same error, albeit shorter:
2015-05-13T02:45:26.893689+00:00 app[web.2]: I, [2015-05-13T02:45:26.893643 #6] INFO -- : Parameters: {"spin"=>{}, "auth_token"=>"xxx"}
2015-05-13T02:45:26.895581+00:00 app[web.2]: W, [2015-05-13T02:45:26.893966 #6] WARN -- : Can't verify CSRF token authenticity
2015-05-13T02:45:26.895583+00:00 app[web.2]: I, [2015-05-13T02:45:26.894210 #6] INFO -- : Completed 200 OK in 0ms (ActiveRecord: 0.0ms)
2015-05-13T02:45:26.728920+00:00 app[web.2]: I, [2015-05-13T02:45:26.728852 #12] INFO -- : Processing by ProjectsController#create as JSON
2015-05-13T02:45:26.729261+00:00 app[web.2]: W, [2015-05-13T02:45:26.729155 #12] WARN -- : Can't verify CSRF token authenticity
2015-05-13T02:45:26.729430+00:00 app[web.2]: I, [2015-05-13T02:45:26.729380 #12] INFO -- : Completed 200 OK in 0ms (ActiveRecord: 0.0ms)
2015-05-13T02:45:26.890043+00:00 app[web.2]: I, [2015-05-13T02:45:26.889933 #6] INFO -- : Started POST "/spins?auth_token=ArpuyxbDyjtyn67r3JgF" for 76.118.180.235 at 2015-05-13 02:45:26 +0000
2015-05-13T02:45:26.888494+00:00 heroku[router]: at=info method=POST path="/spins?auth_token=ArpuyxbDyjtyn67r3JgF" host=spin360-staging.herokuapp.com request_id=5edd715a-a01d-4558-9aa3-7f2c2c3dc927 fwd="76.118.180.235" dyno=web.2 connect=1ms service=8ms status=200 bytes=324
+3
source to share
4 answers
This often happens especially with crawlers or API calls from other applications or ping services (such as pingdom).
To allow cross domain request (if you have API in your website or some other service for external application) you can add this code to your application_controller.rb
# API POST REGUEST ALLOW CROSS DOMAIN
before_filter :cor
def cor
headers["Access-Control-Allow-Origin"] = "*"
headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE}.join(",")
headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(",")
head(:ok) if request.request_method == "OPTIONS"
end
If you don't have API this error might have simple expired session problem, just add this code to your application_controller.rb
# Resque form for invalid authentificitytoken
rescue_from ActionController::InvalidAuthenticityToken, :with => :bad_token
def bad_token
flash[:warning] = "Session expired"
redirect_to root_path
end
Better to add second code anyway to check for expired session and not show rails error to user. Showing a generic rails error when ActionController :: InvalidAuthenticityToken confuses people because it is not a site error.
+5
source to share
We run into the same problem and end up using a rack pearl. This allows for great flexibility.
Just add this line to Gemfile
gem 'rack-cors', :require => 'rack/cors'
and then run the command to install the package. There are many configuration options available. For more details https://github.com/cyu/rack-cors
+2
source to share
A bit late for the party, but in case anyone else is looking for a solution.
Are you making a POST request to ProjectsController#create
? If so, try adding
protect_from_forgery with: :null_session, only: [:create]
at the top ProjectsController
. Functionally it should be the same as skip_before_action :verify_authenticity_token
, but not sure if you are inheriting from ApplicationController
. If you want to add your Proc check you can do
protect_from_forgery with: :null_session,
if: Proc.new { |c| c.request.format =~ %r{application/json} }
0
source to share