I am using the delayed_job gem on a Heroku deployment. It has been working fine for a few months, but suddenly when I try to access mydomain.com/delayed_job it shows one word: "Forbidden"
When I check heroku logs it doesn't show an error, but does show that the page was requested.
Any idea why this would happen? It is especially confusing since it has been working fine until now.
In the end I tried accessing the same page in a different browser and it works. Therefore the error likely has something to do with the local browser cache.
I had this too; it seems to be similar to the problem described in this issue. The CSRF protection gets false positives.
In my case, I only use DelayedWebAdmin in development, so I created an initializer to disable session protection. This would probably be a bad idea in production, but here's how to disable it in development:
config/initializers/delayed_job_web.rb:
    if Rails.env.development?
      class DelayedJobWeb
        disable :sessions
        set :protection, false
      end
    end
I have an old project in Rails 5. I had to add an API and it was working fine 3 days ago, but now it has suddenly started to give me ActionController::InvalidAuthenticityToken. I have made no changes in any controller related to the web, but added a few gems, including rspec-rails and jwt, and am creating its API, but suddenly on Chrome it is giving me this error.
When I started work I tested it and it was working fine, and on the Safari browser it works fine. But on Chrome it gives this error. The following line is added in my application; if I disable it this error goes away, but I think that will make it insecure.
protect_from_forgery with: :exception, prepend: true
I checked a few answers, where a long list says that it's an old issue, but I am working on many Rails projects and I never saw this issue! Some posts directed me to use https, so I also used https, but the issue for Chrome is still there.
Any help?
I originally had only a me-too comment.
But with sheer luck, I happen to know the answer.
It is not your code that changes; it's the browsers.
Please check the news related to Same-Site policy changes from Google.
Basically, the cookie is not working in your environment anymore because of changes in the browser, rendering the CSRF token unusable.
You have to configure Rails.application.config.session_store in an initializer; unfortunately, there is no one-line fix-all for this situation; it depends on the environment and situation.
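Why a session cookie that used to arrive can stop arriving, as an added example that is not part of the original answer: a simplified Ruby model of the SameSite-by-default rules Chrome rolled out in version 80. The cookie name, scenarios and helper names are constructed for illustration; in Rails the attribute itself is set through the `same_site:` and `secure:` options passed to `session_store`.

```ruby
# Simplified model of Chrome's "SameSite by default" cookie handling.
# Constructed for illustration; it does not model the temporary
# "Lax + POST" grace period or the HTTPS-only delivery of Secure cookies.
Cookie = Struct.new(:name, :same_site, :secure, keyword_init: true)

SAFE_METHODS = %w[GET HEAD].freeze

# The mode the browser enforces, or :rejected if the cookie is refused
# at the moment the server tries to set it.
def effective_same_site(cookie)
  mode = (cookie.same_site || :lax).to_s.downcase.to_sym # unset => Lax
  mode = :lax unless %i[strict lax none].include?(mode)  # unknown => Lax
  return :rejected if mode == :none && !cookie.secure    # None needs Secure
  mode
end

# Is the cookie attached to a request with these properties?
def cookie_sent?(cookie, cross_site:, http_method:, top_level_navigation:)
  case effective_same_site(cookie)
  when :rejected then false
  when :none     then true
  when :strict   then !cross_site
  else # :lax
    !cross_site ||
      (top_level_navigation && SAFE_METHODS.include?(http_method.upcase))
  end
end

# Rails compares the submitted authenticity token with the one kept in the
# session. Without the session cookie the session is empty, so the check
# fails no matter what the form submitted.
def csrf_outcome(cookie, **request)
  cookie_sent?(cookie, **request) ? :token_can_match : :invalid_authenticity_token
end

# Constructed scenarios: a form posted from another site (for example an
# embedded page or an external redirect) versus one posted from the app itself.
CROSS_SITE_POST = { cross_site: true,  http_method: "POST", top_level_navigation: true }.freeze
SAME_SITE_POST  = { cross_site: false, http_method: "POST", top_level_navigation: true }.freeze

LEGACY_COOKIE   = Cookie.new(name: "_app_session", same_site: nil,   secure: false)
INSECURE_NONE   = Cookie.new(name: "_app_session", same_site: :none, secure: false)
SECURE_NONE     = Cookie.new(name: "_app_session", same_site: :none, secure: true)

if __FILE__ == $PROGRAM_NAME
  [LEGACY_COOKIE, INSECURE_NONE, SECURE_NONE].each do |c|
    puts format("%-8s secure=%-5s cross-site POST -> %s",
                c.same_site.inspect, c.secure, csrf_outcome(c, **CROSS_SITE_POST))
  end
end
```

Only the `SameSite=None; Secure` cookie survives the cross-site POST, which is also the setting that leaves CSRF defence entirely to the authenticity token, so it should be chosen only when cross-site use is actually required.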
Just put the line below in your ApplicationController
skip_before_action :verify_authenticity_token
I am using Rails 5 and wanted to see the /rails/mailers URL in production mode under authentication.
I am able to implement authentication under the URLs, but I can only see a blank page on production (Heroku, review app), while on local I can see the complete page without any issues.
I tried production mode on local as well and that was also working fine.
Running out of ideas in that direction. Thanks in advance.
I got to know,
We are not pushing the spec directory to Heroku, hence there is an empty list of the previews and not able to view any preview at all.
If you use Heroku beware of your .slugignore, you might have 'spec/' in it.
If it is the case, as spec/mailers/previews doesn't exist on heroku instance, you've got a blank page as a result (status 200).
Also note that unlike .gitignore, .slugignore does not support negated ! patterns.
Here is my workaround :
1. Move previews away from spec/, to app/mailers/
2.
    # environment.rb
    ...
    Rails.application.configure do
      config.action_mailer.preview_path = "#{Rails.root}/app/mailers/previews"
    end
I am not really sure what is going on with my rails app. I have not changed any code on my front page but I am getting the error EOFError (end of file reached) with no further information on the logs.
It is only the index page that has this issue. I would like to know, if there is any other way I can get more information on this error.
This is all I have from papertrail
Edit: In localhost everything works fine but once I have deployed to Heroku my frontpage does not work.
After a back and forth with Heroku, my issue ended up being resolved. There was no error in the code as this piece of code had been working all along. Heroku advised that maintenance occurs every night and maybe the moving of the app to a different dyno might have resolved the issue.
If anyone else ends up with a similar issue, if a restart does not fix it maybe ask Heroku to move you to a different dyno.
I'm trying to replicate a bug in development which comes from the production environment.
When the bug occurs I should see a 500 server error, but rails is displaying the following page to me, which is not what I want:
the grey rails error page
(the error in the image is not the one I'm trying to reproduce, but it shows the error page, which is what I'm talking about here)
How can I turn off this feature from rails so it just display a 500 error that a normal user will see?
And what is this tool/page called? I usually just call it the (red) rails error page. (but in this case it is grey for some reason, I don't know why too. Does anyone know?)
Try the following
# config/environments/development.rb
config.consider_all_requests_local = false
By default, this value is true because of the need to debug code in the development environment; that's why, if you change the value to false, it will show the error page that is designed by default.
If you need to generate and design a custom one, then follow this tutorial.
Hope it helps
What about running Rails in the production environment?
rails server -e production
I upgraded the authentication in my application to use Rails 3.1's has_secure_password facility. In the process, I created a page to allow users to change their passwords. I tested it and it works on my development machine, both in development and production environments.
When I deployed the application to Heroku, I went to try it and it seemed to work, except when I logged out and logged back in, my password was unchanged. I tried changing the password manually in the console and that works fine. If I try to enter different text for the password and confirmation, it shows the validation it is supposed to, which means the password is getting sent to the app correctly.
Here is the relevant change to my controller: https://github.com/mjm/sis-lunch/commit/930ced467a0e23ad48f4497999183112c5f846b1#diff-2
Is there something I'm missing? What could be wrong with it in production on Heroku that could cause this to silently fail?
I'm not sure how you are testing it on your development machine, since PeopleControllerTest is empty, but the password field is protected against mass assignment. It shouldn't work in PeopleController the way it is written. (that's a good thing!)
You will need to explicitly call Person#password= in your controller.
The relevant Rails source code for ActiveModel::SecurePassword can show you exactly what happens when you use has_secure_password.
I believe I figured it out. I deployed the app to Heroku, then ran the migrations. The app was not fully aware of the new password_digest column, but new consoles were, so they worked fine. Restarting the app using heroku restart fixed it.