
Rails / Doorkeeper: Can't verify CSRF token authenticity

I'm using Rails 3.2 with the Doorkeeper gem to provide an OAuth 2 API for third parties. I keep getting this warning when using my REST API from outside of the app:

WARNING: Can't verify CSRF token authenticity

The client app successfully authenticated via OAuth2. Why do I get this warning, and how do I implement CSRF properly for the external API?

Alexander Savin asked Oct 11 '25 08:10


2 Answers

Remove protect_from_forgery from your ApplicationController (or remove it for calls to the API).

jessecurry answered Oct 14 '25 01:10


Turn off CSRF protection only for the controller that you want open ... this is safer than removing protect_from_forgery from the ApplicationController. In this case I'm using the create action as an example ... though you can modify to suit your needs.

class MessagesController < ApplicationController
  protect_from_forgery with: :null_session, only: [:create]
  # doorkeeper_for :create
end

Uncomment the doorkeeper line if you are authenticating via Doorkeeper.

The point is to open up only what needs to be opened up ...

King'ori Maina answered Oct 14 '25 02:10
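
A simplified plain-Ruby model of the difference between the two answers above, added here as an illustration and not part of either answer or of Rails or Doorkeeper. With protection removed, a cross-site POST riding a browser's cookie session is still treated as the logged-in user, while `:null_session` empties the session so only the OAuth access token can identify the caller. `Request`, `handle` and the sample token are hypothetical names.

```ruby
# Plain-Ruby model of CSRF handling; not Rails or Doorkeeper code.
# All names and sample values below are hypothetical / constructed.
require "securerandom"

Request = Struct.new(:verb, :session, :csrf_token, :bearer_token, keyword_init: true)

# Constructed access token standing in for one issued over OAuth 2.
ACCESS_TOKENS = { "constructed-access-token" => "api-client" }.freeze

# mode is :none (protect_from_forgery removed), :null_session or :exception.
def handle(request, mode:)
  session = request.session
  verified = request.verb == "GET" ||
             (!session[:csrf].nil? && request.csrf_token == session[:csrf])
  unless verified
    case mode
    when :exception    then return [:rejected, nil]
    when :null_session then session = {} # continue, but with an empty session
    end
  end
  # Identity comes from the access token if present, else from the cookie session.
  actor = ACCESS_TOKENS[request.bearer_token] || session[:user]
  actor ? [:ok, actor] : [:unauthorized, nil]
end

def browser_session
  { user: "alice", csrf: SecureRandom.hex(16) }
end

# Cross-site POST riding a logged-in browser's cookie, with no CSRF token.
def forged_post
  Request.new(verb: "POST", session: browser_session)
end

# Third-party API client: no cookie session, OAuth access token only.
def api_post
  Request.new(verb: "POST", session: {}, bearer_token: "constructed-access-token")
end

# Same-site form submission carrying the session's CSRF token.
def form_post
  s = browser_session
  Request.new(verb: "POST", session: s, csrf_token: s[:csrf])
end

if __FILE__ == $PROGRAM_NAME
  %i[none null_session exception].each do |mode|
    puts "#{mode}: forged=#{handle(forged_post, mode: mode).inspect} api=#{handle(api_post, mode: mode).inspect}"
  end
end
```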