"Can't verify CSRF token authenticity" after new build on Heroku (Rails) - ruby-on-rails

Just after a new deploy, all POST requests started throwing error 422 and "Can't verify CSRF token authenticity."
I rolled back to the previous deploy and it worked. I suspected an error in the code base (although nothing looked strange), so I reverted to the exact same code as the build that worked and pushed again, but it didn't help.
Have tried:
Building the exact same code as the last deploy that worked
Different browsers, incognito mode, erasing cookies
Changing SECRET_KEY_BASE
Restarting the server
Any advice appreciated.
Using Rails 5.0.7.2.

It was Rails 5 + Heroku + Cloudflare, as explained here:
http://til.obiefernandez.com/posts/875a2a69af-cloudflare-flexible-ssl-mode-breaks-rails-5-csrf
"The solution is simple. Make sure you have working SSL and HTTPS on Heroku (or wherever you're serving your Rails application.) Turn Cloudflare SSL to Full mode. Problem solved."
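Why Flexible mode trips the check, as an added illustration that is not from the question, the answer or the linked post: Rails 5 CSRF protection compares the browser's Origin header with the base URL the app computes for the request, and the snippet below models that comparison in plain Ruby. The header sets are constructed, and the model assumes the app derives its scheme from X-Forwarded-Proto the way Rack does.

```ruby
# Model of the origin check Rails 5 runs inside CSRF protection
# (ActionController::RequestForgeryProtection#valid_request_origin?):
# when the browser sends an Origin header it must equal the app's own
# base URL. Nothing here is a real Rack request; headers are constructed.

# Scheme the app believes it was reached over. Like Rack, the proxy's
# X-Forwarded-Proto (first value) wins over the raw connection scheme.
def effective_scheme(headers, connection_scheme)
  headers.fetch('X-Forwarded-Proto', connection_scheme).split(',').first.strip
end

def base_url(headers, connection_scheme)
  "#{effective_scheme(headers, connection_scheme)}://#{headers.fetch('Host')}"
end

# Rails accepts a missing Origin (some user agents omit it); otherwise the
# Origin must match the base URL exactly, scheme included.
def valid_request_origin?(headers, connection_scheme)
  origin = headers['Origin']
  origin.nil? || origin == base_url(headers, connection_scheme)
end

# Constructed headers as the app sees them behind Cloudflare "Flexible"
# SSL: the browser spoke HTTPS to Cloudflare, but the hop to the app was
# plain HTTP, so the forwarded scheme says http while Origin says https.
FLEXIBLE_SSL = {
  'Host' => 'app.example.com',
  'Origin' => 'https://app.example.com',
  'X-Forwarded-Proto' => 'http'
}.freeze

# Same request with Cloudflare in "Full" mode: the hop to the app is
# HTTPS as well, so the computed base URL agrees with the Origin header.
FULL_SSL = FLEXIBLE_SSL.merge('X-Forwarded-Proto' => 'https').freeze

if __FILE__ == $PROGRAM_NAME
  puts "flexible: origin ok? #{valid_request_origin?(FLEXIBLE_SSL, 'http')}" # false -> 422
  puts "full:     origin ok? #{valid_request_origin?(FULL_SSL, 'http')}"     # true
end
```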

Related

Rails server works in dev mode but not in production mode

I have been building an app for a few months now. I had it hosted on Heroku, and I started making changes to it for a while without pushing to Heroku, just working on localhost. I went to push it to Heroku and ran into an issue with the asset pipeline not liking a variable in an ERB tag. I took it out to get the code pushed, and ran into a bigger issue. Still a 500 error, but the logs now said:
ActionView::Template::Error (FATAL: Peer authentication failed for user "fullstack".
Now, in my research on this issue, I attempted several things, and here are some of my findings.
I did not change the storage.yml or database.yml files at all. The production storage is AWS S3 buckets, and they are connected to config.active_storage.service for both production and development in the config/environments files.
The production user in database.yml is named fullstack. The development user does not have a username or password. I was able to reset the server with the original username and password, but when I change the production username and reset the server it says:
PG::ConnectionBad: fe_sendauth: no password supplied
So I go into the terminal and check the owner of the fullstack database, and a few things with that. First I check psql -l to see all databases, and I have a fullstack_test and a fullstack_development, but no fullstack_production, and I think that is normal since Rails only generates the dev and test databases on creation. Those two are owned by my Ubuntu user, sethb. I tried to create a fullstack_production database to see what would happen, and I get this error:
PG::ConnectionBad: FATAL: Peer authentication failed for user "fullstack"
When I was researching this, people were saying to change a setting in my pg_hba. I looked into mine and it was already set to: host all all all trust. I have been at this for about 20 hours at this point and I would love to hear if someone has an idea on how to fix this; I don't even know how to proceed with this honestly. Any help would be very much appreciated. I can also provide more info on any logs that I have had if it would help.
So, an update to the story, a halfway solution. I was cloning the full project and AWS, and when I went to push to Heroku, someone helped me notice that I didn't have a Node.js buildpack installed. As soon as I did that and pushed the new version, it worked. I tried rails s -e production, but that still throws a 500 error. This time it's saying application.css isn't present. But that is an issue I think someone has a solution for later. Either way, check your Heroku settings! Thank you.
Seth B.

What could cause SameSite cookie to be overriden in AWS when set by Rails?

SameSite has finally affected us and it's been a doozy for me.
First I followed this thread: https://github.com/rails/rails/pull/28297, and updated rake and my session_store to set SameSite=none, secure.
That led me to updating puma so that I could run Rails locally to test it, and all was well except that our CI/CD failed because having SameSite/Secure in the test environment failed. That was fine enough that I just don't set it during automated tests.
So I just did this to make sure that it existed on prod and staging, but wouldn't affect dev/test:
# session_store.rb
if Rails.env.production? || Rails.env.staging?
  Rails.application.config.session_store(:cookie_store, key: '_c3_session', same_site: :none, secure: true)
else
  Rails.application.config.session_store(:cookie_store, key: '_c3_session')
end
But once that deployed to staging it actually stopped the cookie from coming down at all, so we could not log in.
Finally I installed this gem: https://github.com/pschinis/rails_same_site_cookie. I ran through it locally on http and https and it worked exactly as expected, so I deployed it and it made it through the tests just fine.
Once deployed, the cookie is coming down but is not coming down as SameSite=none or Secure. So I'm left to believe that somewhere somehow in our Elastic Beanstalk config is something overriding this. But no one on my team has been able to give me any direction.
puma -> 4.3.3
rails -> 5.2.6.2
rack -> 2.1.2
Any thoughts?
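A way to check what actually reaches the browser, added here and not part of the question: parse the Set-Cookie header as received (from the browser's network panel or a curl -i against staging) and report whether the session cookie can survive a cross-site request. The header lines below are constructed samples, not captures from the poster's environment.

```ruby
# Parse one Set-Cookie header into [name, value, attributes]. Attribute
# names are case-insensitive (RFC 6265), so they are stored downcased;
# flag attributes such as Secure and HttpOnly map to true.
def parse_set_cookie(line)
  pair, *attrs = line.split(';').map(&:strip)
  name, value = pair.split('=', 2)
  attributes = attrs.each_with_object({}) do |attr, h|
    k, v = attr.split('=', 2)
    h[k.downcase] = v.nil? ? true : v
  end
  [name, value, attributes]
end

# Returns the reasons a cookie will not be sent on cross-site requests:
# SameSite=None is only honoured together with Secure (otherwise the
# browser rejects the cookie), a missing SameSite attribute defaults to
# Lax in Chromium-based browsers, and Lax/Strict are withheld cross-site.
# An empty list means the cookie is usable in a cross-site context.
def cross_site_problems(line)
  _name, _value, a = parse_set_cookie(line)
  problems = []
  same_site = a['samesite']
  if same_site.nil?
    problems << 'no SameSite attribute: browser defaults to Lax'
  elsif same_site.casecmp?('none')
    problems << 'SameSite=None without Secure: browser rejects cookie' unless a['secure']
  else
    problems << "SameSite=#{same_site}: withheld from cross-site requests"
  end
  problems
end

# Constructed samples: what the session_store.rb above should produce,
# what the poster reports seeing, and a header with Secure stripped.
SAMPLES = {
  'expected' => '_c3_session=abc123; path=/; HttpOnly; SameSite=None; Secure',
  'observed' => '_c3_session=abc123; path=/; HttpOnly',
  'stripped' => '_c3_session=abc123; path=/; HttpOnly; SameSite=None'
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |label, line| puts "#{label}: #{cross_site_problems(line).inspect}" }
end
```

If the expected line is what staging emits but the observed line is what the browser records, the attributes are being dropped between the app and the client, which points at the proxy layer rather than at Rails.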

How can I debug my Rails application which encountered an internal server error?

I am using Rails 4.1 and Ruby 2.1.1 on Ubuntu.
My application is running just fine on the local development environment. When I moved everything to the production environment server, and tried the application URL, I got the following:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
The log file (production.log) has in it something about the migrations, but nothing else.
Where do I get started trying to figure out what this is about?
From original poster:
I followed the instructions and set up an environment variable for the secret_key. It turns out Rails 4.1 cannot read it and this seems to be a known issue. So, I had to put the key directly into secrets.yml and this solved the problem.

My new password page says 404 in production mode only

http://site.com/users/password/new is returning a 404 in production mode but not in development. I am deploying via capistrano and it looks like it's copying the entire site over properly. I tried running the console in production mode on the server and couldn't find anything. Has anyone seen this before?
Since this path works in development and fails in production I would focus on the differences between your environments.
A common issue is that people commit their changes locally, but do not push them to (e.g.) GitHub before deploying with capistrano. Can you ssh into your server and go to the current path and run rake routes there? Try and check if there are differences.
Once you've confirmed that at least the routes on the server are up to date, try checking the production log while accessing /user/password/new. It should be in /shared/log/production.log. You could ssh there and use tail -f production.log to follow the log while you try to access the path.
On a side note, it seems that you are using Devise. There have been similar issues for the user root path. See for example this question. Perhaps this will shed some light on your problem.

How to use deactivate Webrick's SSL

Last week I tried to debug with SSL activated in WEBrick, but I forgot how to restore the settings to the default (without SSL). Every time I visit a controller, it now shows:
SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
And below is the log from the console, can anyone help?
[2011-05-10 07:28:43] INFO WEBrick 1.3.1
[2011-05-10 07:28:43] INFO ruby 1.8.7 (2009-06-12) [universal-darwin10.0]
[2011-05-10 07:28:43] INFO WEBrick::HTTPServer#start: pid=62854 port=3000
[2011-05-10 07:28:58] ERROR bad Request-Line `UQM?x?ΚΎ???????c??B?????n???BU???*???98?5EDf32?A/??'.
I just ran into this same exact problem today. I added config.force_ssl = true to the application.rb file and got the above error. When I removed the line, the error still persisted.
I fixed it by clearing my browser cookies (Chrome in this case) and it works again. It seems the authentication information is saved in the cookie and something in it keeps reverting our requests to HTTPS but does not authenticate correctly, so you get that error. Clearing the cookie solves that issue.
I had a similar issue but wasn't able to fix it by clearing cookies on Chrome (nor any other fixes like rake tmp:clear), and ended up switching to using thin with SSL enabled as suggested in this post:
https://stackoverflow.com/a/11614213
Added this to my Gemfile:
group :development do
  gem "thin"
end
Then bundle and thin start --ssl.
I had to use rake tmp:sessions:clear (not just rake tmp:clear) as well as clearing cookies in the browser to fix this issue.
Open Chrome Developer Tools, click and hold the "page reload" button, you will see some options; pick "Empty Cache and Hard Reload". Did the trick for me.
Similarly, I received the same error after adding config.force_ssl = true in my config/locales/application.rb file.
To remedy an SSL error, simply edit Rails.application.config.session_store :cookie_store, key: '_app_sessions' in config/initializers/session_store.rb
Changing the '_app_sessions' name to anything else will allow you to start your Rails server without SSL and without error.