So I've been at this issue for hours now but cannot figure it out. I've been trying to use the IGDB API using the ruby gem igdb_api but keep getting a 403 Forbidden exception. I'm running the server locally for development at localhost:3000. Here is how I setup my test code:
class PagesController < ApplicationController
def home
...
end
def games
# initialize with api_key
Igdb.connect(ENV['IGDB_API_KEY'])
puts Igdb::Game.count
end
end
I've been trying to use rack-cors to fix this but nothing changes. So I'm not sure if I'm missing something obvious. Any help would be great! Thank you.
I don't think cors is an issue.
CORS basically prevents web-browser from making requests to services outside of current domain.
403 errors means some authorization problems.
I ended up using a different gem for accessing the api, one called igdb_client.
While I then had a SSL_connection error since I'm on Windows, it was easily fixed by following this quick solution here: https://superdevresources.com/ssl-error-ruby-gems-windows/.
Hope it'll help anyone in the future!
Related
I have old project in Rails 5, I have to add Api and it was working fine, 3 days ago, but now it suddenly started to give me ActionController::InvalidAuthenticityToken I have done no changes in any controller related to web, but added few Gems includes rspec-rails, jwt and creating its Api, but suddenly on chrome it is giving me this error.
When I started work I tested and it was working fine, and on Safari browser it works fine. But on Chrome it gives this error. Following line is added in my application, if I disable this error goes, but I think that will make it unsecure.
protect_from_forgery with: :exception, prepend: true
I check few answers where long list that it s old issue, but I am working on many rails project and I never saw this issue! Some post direct me to use https so I also used https but issue for chrome is still there.
Any help
I originally had only a me-too comment.
But with sheer luck, I happen to know the answer.
It is not your code that changes; it's the browsers.
Please check the news related to Same-Site policy changes from Google.
Basically, the cookie is not working in your environment anymore because of changes in the browser, rendering the CSRF token unusable.
You have to config Rails.application.config.session_store in an initializer; unfortunately, there is no one-liner fixed all in this situation; it depends on the environment and situations.
Just put the below the line in your ApplicationController
skip_before_action :verify_authenticity_token
For some reason the session cookie on my app is not being set properly in production. This problem seemed to have just appeared overnight, with no changes on my end that I can think of. There is only one domain involved.
A session cookie is set when I run the app in development on localhost, so there is something strange happening with the server. If I inspect the cookies on the server side, it gives me a list, but the cookie is not being set in the browser. Also, I can manually create a test cookie on the server side, and it shows up on the browser. It's only the session cookie that is not showing up.
I tried changing the session store from memcached to cookiestore, which doesn't seem to have helped - still no session cookie. So I don't think it's the session_store code.
Using Rails 4.0.2 and passenger 4.0.19 with whatever version of nginx it installs. ruby 1.9.3. Any help would be appreciated - I'm completely stumped.
They already fix this in github repo, and is being release at any moment.
Anyway, if someone is in rails2, and still has this bug, or don't want to update Passenger, we could fixed it doing:
class ApplicationController < ActionController::Base
after_filter :set_headers
def set_headers
response.headers["Date"] = "#{Time.now.utc}"
end
end
UPDATE
Here it is the official post explaining what happened.
I've just update Phusion Passenger gem to 4.0.30. it is quite straight forward and has the fix for this bug. Oficial Instruction here
I'm using OmniAuth with Devise to allow users to login with facebook or to create a normal account with a username and password. When I originally set it all up I used the excellent directions from Railscasts. Everything was working very nicely for 2+ months but just the other day the facebook login stopped working. OmniAuth sends you away to the authentication with facebook and then returns with: http://localhost:3000/auth/failure?message=invalid_response
Google has no suggestions on what causes this error or how to fix it and the OmniAuth docs don't either. I've tried digging through their code as well but the only mention of this error I've found is this, in /oa-oauth/lib/omniauth/strategies/oauth.rb:
rescue ::MultiJson::DecodeError => e
fail!(:invalid_response, e)
end
Has anyone ever seen this error!? Know what it is or how to fix it?! This is keeping me from launching this application so any help would be very very appreciated!
Thanks,
JG
I've been running into this error in the same situation. Devise is rescuing an unrelated Exception and handling it as an auth failure. I preempted Devise by handling the exception in the controller:
# authentications_controller.rb
def create
omniauth = request.env["omniauth.auth"]
# Blah
# blah
# Blark!
rescue Exception => e
# Just spit out the error message and a backtrace.
render :text => "<html><body><pre>" + e.to_s + "</pre><hr /><pre>" + e.backtrace.join("\n") + "</pre></body></html>"
For anyone else that finds this via google, heroku_backup_task was the culprit for me. When we add that to our gemfile, OmniAuth decoding fails leading to this error. I assume it's some json conflict.
Not sure why it doesn't happen on 1.9.2, but I can confirm that upgrading to 1.9.2 fixes it, but can cause other issues in your app if all your gems don't play nice, and downgrading heroku appears to be a no-go. I'm going to have to destroy and re-create my app now that I've discovered the issue.
Ok,
I'm not sure why this has worked but it has so I'll post here in the effort to help someone else that ends up with this issue.
I upgraded my app to use ruby 1.9.2 (way of the future!) and bang, it just worked again. No idea why but hey sometimes that's just the way it goes.
Upgrading was really easy though. I was sparked into upgrade action by this dhh tweet & found this and this to be really helpful resources in making sure your 1.8.7 code will work in 1.9.2. Props to heroku as well for making it so easy to upgrade an app.
I have had same problem and, I think I find out the solution.
In Tutorial, RailsCast #235 gives authentications_controller.rb
def create
auth = request.env["rack.auth"]
current_user.authentications.find_or_create_by_provider_and_uid(auth['provider'],
auth['uid'])
flash[:notice] = "Authentication successful."
redirect_to authentications_url
end
but,
auth = request.env["rack.auth"]
is no longer exists in omniouth 0.2.3
auth = request.env["omniauth.auth"]
is correct.
OK, so, sorry to post to such an old question, however having followed the Railscasts tutorial for this I was getting the same error. I have come to the conclusion that the error handling of the omniauth-twitter gem is causing the confusion, because it hides the underlying errors. I solved the problem by adding the omniauth-facebook gem to my app and authenticating with this. This quickly uncovered the root error in my app, which was that I had put the User.create_with_omniauth method into the user controller rather than the model, a newbie error but easy to resolve. My error was easy, and somewhat irrelevant, by using the facebook gem, the error handling allowed me to understand the problem and resolve quickly. If you are struggling with this problem, try facebook or another provider and see if you can get to the root problem more easily, and certainly avoiding some of the more complex issues such as upgrades to ruby!
I'm currently adding OpenID login support for a Rails 3.0.0 application.
I have already installed ruby-openid (the gem) and open_id_authentication (the plugin). However, after following the steps required to set up both (from the READMEs), I am still getting this error:
undefined method `authenticate_with_open_id'
I tried Googling the problem, but most threads seem to date from years ago and remain suspiciously unanswered.
Am I missing something obvious? What is causing this problem? Note that I have had no problems switching to file-based stores in environment.rb, so I am sure that the plugin is correctly installed.
Update: Some unresolved problems of the same nature:
http://railsforum.com/viewtopic.php?id=23151
Experiencing a similar error; oddly, I have this working on Rails 3.2 on another branch, and can't figure out the difference; anyhow I found that I got a little further by following suggestions here: Rails 3.0.9 + open_id_authentication
That is, adding the line include OpenIdAuthentication after class SessionsController < ApplicationController:
class SessionsController < ApplicationController
include OpenIdAuthentication
But now I get a Completed 401 Unauthorized in my log, and see a blank page -- just and tags. Ugh.
Update: Ooh, got further; I followed this post: open_id_authentication - "OpenIdAuthentication.store is nil. Using in-memory store." problem
and as they suggested, "added an initializer named config/initializers/openid.rb with this inside":
require 'open_id_authentication' # this was needed, but not described in the referred-to post
OpenIdAuthentication.store = :file
I was then directed to the OpenId provider and was able to click "allow", but on returning to my app, I now see:
NoMethodError in SessionsController#create
undefined method `encoding' for nil:NilClass
Anyhow, finally, I found a restful routes problem and fixed that, and now logging in works!
I'm trying to get a basic example app running that processes email. Nothing fancy, just the barest of functionality at this point. I've installed Fetcher, configured the YAML, updated the :receiver, and created an IncomingMailHandler class.
When I go to start the FetcherDaemon, I get the following error.
/Library/Ruby/Gems/1.8/gems/activesupport-2.3.2/lib/active_support/dependencies.rb:105:in `const_missing': uninitialized constant MailerDaemonFetcherDaemon::IncomingMailHandler (NameError)
I'm using Rails 2.3.2, with the latest Fetcher plugin. The IncomingMailHandler class in my models dir looks like this:
class IncomingMailHandler < ActionMailer::Base
def receive(email)
logger.info("Got a mail about: #{mail.subject}")
end
end
Help!
Ok, so basically, I'm a dumbass. I was following instructions all over the damn web, except for the mostly cut and dry explanation on github. Days later now, I just went through the motions, and boom, it worked flawlessly.
So, to anyone that finds this with the same problem (whether you were trying to follow the WAY outdated instructions on the PeepCode tutorial, or found some tips on a blog), don't be a dumbass like me. The most up-to-date info is on github.
Thanks to anyone that looked at this!
My guess is you didnt set the MailFetcher
MailFetcher.mailer_class = :incoming_mail_handler
put this in environment.rb after the RailsInitializer block.
If you want to use POP3 instead of IMAP you have to specify this there as well