Login modal using default rails ajax request not working with subdomains - ruby-on-rails

I am having a devise user model.
To log in I am using a twitter-bootstrap modal. The modal is hidden by default and shown only after a default Rails ajax request is sent to the server.
It works fine with localhost and production. But when a user is on a subdomain (using acts_as_tenant) like business.lvh.me:3000, the modal window does not pop up and the ajax request fails.
I am sharing the session across all the domains.
My SessionStore initializer.
> Rails.application.config.session_store :active_record_store, :key =>
> '_my_app_session',domain: 'lvh.me'
PFB the error.log for the same.
Rendered remote_content/_remote_sign_up.html.erb (78.8ms)
Rendered remote_content/remote_sign_up.js.erb (86.2ms)
Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
Completed 422 Unprocessable Entity in 100ms (Views: 96.1ms | ActiveRecord: 1.6ms)
ActionController::InvalidCrossOriginRequest - Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.:
actionpack (4.2.4) lib/action_controller/metal/request_forgery_protection.rb:225:in `verify_same_origin_request'
activesupport (4.2.4) lib/active_support/callbacks.rb:432:in `block in make_lambda'
activesupport (4.2.4) lib/active_support/callbacks.rb:239:in `block in halting'
activesupport (4.2.4) lib/active_support/callbacks.rb:506:in `block in call'
activesupport (4.2.4) lib/active_support/callbacks.rb:506:in `call'
activesupport (4.2.4) lib/active_support/callbacks.rb:92:in `__run_callbacks__'
activesupport (4.2.4) lib/active_support/callbacks.rb:778:in `_run_process_action_callbacks'
activesupport (4.2.4) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (4.2.4) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (4.2.4) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (4.2.4) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
activesupport (4.2.4) lib/active_support/notifications.rb:164:in `block in instrument'
activesupport (4.2.4) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.2.4) lib/active_support/notifications.rb:164:in `instrument'
actionpack (4.2.4) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (4.2.4) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
activerecord (4.2.4) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (4.2.4) lib/abstract_controller/base.rb:137:in `process'
actionview (4.2.4) lib/action_view/rendering.rb:30:in `process'
actionpack (4.2.4) lib/action_controller/metal.rb:196:in `dispatch'
actionpack (4.2.4) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
actionpack (4.2.4) lib/action_controller/metal.rb:237:in `block in action'
actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:76:in `dispatch'
actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:45:in `serve'
actionpack (4.2.4) lib/action_dispatch/journey/router.rb:43:in `block in serve'
actionpack (4.2.4) lib/action_dispatch/journey/router.rb:30:in `serve'
actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:821:in `call'
warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
warden (1.2.3) lib/warden/manager.rb:34:in `call'
rack (1.6.4) lib/rack/etag.rb:24:in `call'
rack (1.6.4) lib/rack/conditionalget.rb:25:in `call'
rack (1.6.4) lib/rack/head.rb:13:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/flash.rb:260:in `call'
rack (1.6.4) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.6.4) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/cookies.rb:560:in `call'
activerecord (4.2.4) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.2.4) lib/active_record/connection_adapters/abstract/connection_pool.rb:653:in `call'
activerecord (4.2.4) lib/active_record/migration.rb:377:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.2.4) lib/active_support/callbacks.rb:88:in `__run_callbacks__'
activesupport (4.2.4) lib/active_support/callbacks.rb:778:in `_run_call_callbacks'
activesupport (4.2.4) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (4.2.4) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/reloader.rb:73:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
better_errors (2.1.1) lib/better_errors/middleware.rb:84:in `protected_app_call'
better_errors (2.1.1) lib/better_errors/middleware.rb:79:in `better_errors_call'
better_errors (2.1.1) lib/better_errors/middleware.rb:57:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
web-console (2.2.1) lib/web_console/middleware.rb:39:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.2.4) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.2.4) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.2.4) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.2.4) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.2.4) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.2.4) lib/rails/rack/logger.rb:20:in `call'
request_store (1.2.0) lib/request_store/middleware.rb:8:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.6.4) lib/rack/methodoverride.rb:22:in `call'
rack (1.6.4) lib/rack/runtime.rb:18:in `call'
activesupport (4.2.4) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
rack (1.6.4) lib/rack/lock.rb:17:in `call'
actionpack (4.2.4) lib/action_dispatch/middleware/static.rb:116:in `call'
rack (1.6.4) lib/rack/sendfile.rb:113:in `call'
railties (4.2.4) lib/rails/engine.rb:518:in `call'
railties (4.2.4) lib/rails/application.rb:165:in `call'
rack (1.6.4) lib/rack/content_length.rb:15:in `call'
puma (2.9.2) lib/puma/server.rb:490:in `handle_request'
puma (2.9.2) lib/puma/server.rb:361:in `process_client'
puma (2.9.2) lib/puma/server.rb:254:in `block in run'
puma (2.9.2) lib/puma/thread_pool.rb:92:in `block in spawn_thread'

You've hit a problem with CORS (Cross Origin Request Source).
This is a standard specification designed to prevent malicious XML requests through JS -- simply, it means you cannot send uninvited XML requests to other servers; they have to be permitted through that server's CORS policy.
Rack CORS
The important thing for you to note is that the CORS spec extends to subdomains (it treats a subdomain as completely different to a domain).
This means you have to explicitly permit your subdomains in your CORS policy on the server. You can either do this through your web server (e.g. Nginx or Apache), or through the Rack Middleware stack.
For Rails, there is a very very very very good gem which handles CORS, called Rack-CORS...
    # Gemfile
    gem "rack-cors"

    # config/application.rb
    module YourApp
      class Application < Rails::Application
        # ...
        config.middleware.insert_before 0, "Rack::Cors" do
          allow do
            origins '*'
            resource '/*',
              :headers => :any,
              :methods => [:get, :post, :options],
              :if => proc { |env| env['HTTP_HOST'] == 'api.example.com' }
          end
        end
      end
    end
--
Because you're sending an AJAX request across your subdomains, your server is treating that as if two completely separate domains are trying to access each other with Ajax.
Of course, we know this is not the case, but CORS doesn't.
Thus, if you want to fix it, you should apply the code above, with your own subdomain for HTTP_HOST.
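The answer above allows every origin with `origins '*'`. As an added example (not part of the original answer and not rack-cors code), this plain Rack middleware sends CORS headers only to the application's own domain and its subdomains. It assumes the domain `lvh.me` from the question's session store setting; `SubdomainCors` and `allowed_origin?` are hypothetical names.

```ruby
require 'uri'

# Assumption: the application's own domain, as used in the question's
# session_store setting (domain: 'lvh.me').
APP_DOMAIN = 'lvh.me'

# True only for http(s) origins whose host is APP_DOMAIN or a subdomain of it.
# Suffix matching is done on a label boundary (".lvh.me"), so hosts that merely
# contain or end with the string "lvh.me" are rejected.
def allowed_origin?(origin, app_domain = APP_DOMAIN)
  return false if origin.nil? || origin.empty?

  uri = URI.parse(origin)
  return false unless %w[http https].include?(uri.scheme)
  return false if uri.host.nil? || uri.userinfo
  # An Origin header is scheme://host[:port] with nothing after it.
  return false unless uri.path.empty? && uri.query.nil? && uri.fragment.nil?

  host = uri.host.downcase
  host == app_domain || host.end_with?(".#{app_domain}")
rescue URI::InvalidURIError
  false
end

# Minimal Rack middleware: echoes a vetted origin back instead of '*'.
class SubdomainCors
  def initialize(app, app_domain: APP_DOMAIN)
    @app = app
    @app_domain = app_domain
  end

  def call(env)
    origin  = env['HTTP_ORIGIN']
    allowed = allowed_origin?(origin, @app_domain)

    # Preflight request: answer it here, never reach the application.
    if env['REQUEST_METHOD'] == 'OPTIONS' && env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']
      return allowed ? [204, cors_headers(origin), []] : [403, {}, []]
    end

    status, headers, body = @app.call(env)
    headers = headers.merge(cors_headers(origin)) if allowed
    [status, headers, body]
  end

  private

  def cors_headers(origin)
    {
      'Access-Control-Allow-Origin'      => origin,  # the vetted origin, not '*'
      # Assumption: the session cookie is shared across subdomains, so
      # credentialed requests are wanted; browsers refuse this with '*'.
      'Access-Control-Allow-Credentials' => 'true',
      'Access-Control-Allow-Methods'     => 'GET, POST, OPTIONS',
      'Vary'                             => 'Origin' # keep caches from mixing origins
    }
  end
end

# Constructed sample origins, checked against the allowlist.
if __FILE__ == $PROGRAM_NAME
  ['http://business.lvh.me:3000', 'http://lvh.me:3000',
   'http://evil-lvh.me', 'http://lvh.me.attacker.example', 'null'].each do |o|
    puts format('%-34s %s', o, allowed_origin?(o) ? 'allowed' : 'rejected')
  end
end
```

With rack-cors itself, the same restriction can be expressed by passing the application's hosts or a regular expression to `origins` instead of `'*'`.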

I fixed the issue by using
<%= link_to "login", remote_login_url, :remote => true%>
instead of
<%= link_to('login', remote_login_url(:subdomain => 'www')),:remote => true %>
And changing the default after sign up and sign in paths for devise registrations and sessions controller.
And as suggested by Rich using Rack-CORS would be helpful in these situations while dealing with ajax and subdomains.

Related

Reasons for spontaneously authenticity token rejection on production site

My Rails application throws an ActionController::InvalidAuthenticityToken from time to time. It occurs spontaneously once a month or so. As I don't think that there is some other site trying a CSRF attack, I started to make my thoughts about these rare events. My conclusion so far:
Random robots?
People waiting too long to send the form so that it expires on the server?
Are there other reasons for such false positive rejections?
And please don't explain what CSRF is ;-)
Here are some logs...
F, [2016-12-06T16:03:59.050673 #15136] FATAL -- :
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
actionpack (4.2.7) lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
actionpack (4.2.7) lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
devise (4.2.0) lib/devise/controllers/helpers.rb:253:in `handle_unverified_request'
actionpack (4.2.7) lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'
activesupport (4.2.7) lib/active_support/callbacks.rb:432:in `block in make_lambda'
activesupport (4.2.7) lib/active_support/callbacks.rb:164:in `block in halting'
activesupport (4.2.7) lib/active_support/callbacks.rb:504:in `block in call'
activesupport (4.2.7) lib/active_support/callbacks.rb:504:in `each'
activesupport (4.2.7) lib/active_support/callbacks.rb:504:in `call'
activesupport (4.2.7) lib/active_support/callbacks.rb:92:in `__run_callbacks__'
activesupport (4.2.7) lib/active_support/callbacks.rb:778:in `_run_process_action_callbacks'
activesupport (4.2.7) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (4.2.7) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (4.2.7) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (4.2.7) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
activesupport (4.2.7) lib/active_support/notifications.rb:164:in `block in instrument'
activesupport (4.2.7) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.2.7) lib/active_support/notifications.rb:164:in `instrument'
actionpack (4.2.7) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (4.2.7) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
actionpack (4.2.7) lib/abstract_controller/base.rb:137:in `process'
actionview (4.2.7) lib/action_view/rendering.rb:30:in `process'
actionpack (4.2.7) lib/action_controller/metal.rb:196:in `dispatch'
actionpack (4.2.7) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
actionpack (4.2.7) lib/action_controller/metal.rb:237:in `block in action'
actionpack (4.2.7) lib/action_dispatch/routing/route_set.rb:74:in `dispatch'
actionpack (4.2.7) lib/action_dispatch/routing/route_set.rb:43:in `serve'
actionpack (4.2.7) lib/action_dispatch/routing/mapper.rb:49:in `serve'
actionpack (4.2.7) lib/action_dispatch/journey/router.rb:43:in `block in serve'
actionpack (4.2.7) lib/action_dispatch/journey/router.rb:30:in `each'
actionpack (4.2.7) lib/action_dispatch/journey/router.rb:30:in `serve'
actionpack (4.2.7) lib/action_dispatch/routing/route_set.rb:817:in `call'
turnout (2.3.1) lib/rack/turnout.rb:25:in `call'
omniauth (1.3.1) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.3.1) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.3.1) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.3.1) lib/omniauth/strategy.rb:164:in `call'
rack-attack (4.4.1) lib/rack/attack.rb:107:in `call'
exception_notification (4.2.1) lib/exception_notification/rack.rb:32:in `call'
warden (1.2.6) lib/warden/manager.rb:35:in `block in call'
warden (1.2.6) lib/warden/manager.rb:34:in `catch'
warden (1.2.6) lib/warden/manager.rb:34:in `call'
rack (1.6.4) lib/rack/etag.rb:24:in `call'
rack (1.6.4) lib/rack/conditionalget.rb:38:in `call'
rack (1.6.4) lib/rack/head.rb:13:in `call'
actionpack (4.2.7) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.2.7) lib/action_dispatch/middleware/flash.rb:260:in `call'
rack (1.6.4) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.6.4) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.2.7) lib/action_dispatch/middleware/cookies.rb:560:in `call'
actionpack (4.2.7) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.2.7) lib/active_support/callbacks.rb:88:in `__run_callbacks__'
activesupport (4.2.7) lib/active_support/callbacks.rb:778:in `_run_call_callbacks'
activesupport (4.2.7) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (4.2.7) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.2.7) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
actionpack (4.2.7) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
actionpack (4.2.7) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.2.7) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.2.7) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.2.7) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.2.7) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.2.7) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.2.7) lib/rails/rack/logger.rb:20:in `call'
ahoy_matey (1.4.2) lib/ahoy/engine.rb:22:in `call_with_quiet_ahoy'
request_store (1.3.1) lib/request_store/middleware.rb:9:in `call'
actionpack (4.2.7) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.6.4) lib/rack/methodoverride.rb:22:in `call'
rack (1.6.4) lib/rack/runtime.rb:18:in `call'
activesupport (4.2.7) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
rack (1.6.4) lib/rack/sendfile.rb:113:in `call'
actionpack (4.2.7) lib/action_dispatch/middleware/ssl.rb:24:in `call'
railties (4.2.7) lib/rails/engine.rb:518:in `call'
railties (4.2.7) lib/rails/application.rb:165:in `call'
/usr/lib/ruby/vendor_ruby/phusion_passenger/rack/thread_handler_extension.rb:97:in `process_request'
/usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:160:in `accept_and_process_next_request'
/usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:113:in `main_loop'
/usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler.rb:416:in `block (3 levels) in start_threads'
/usr/lib/ruby/vendor_ruby/phusion_passenger/utils.rb:113:in `block in create_thread_and_abort_on_exception'
I am with Dorian on this one as for the solution.
If you're looking to the cause I'm fairly positive that this issue report in rails github hits true, especially this little section:
# Browser quits, clearing session cookies
# Browser re-opens, reloads the page from cache without doing a request
This is especially true since by default Rails uses turbolinks which encourages caching (by default 10 pages if I recall).
Another way this can be potentially replicated is by having a user load your DOM (and thus your cookies / session) and then having them manually destroy their session or cookies through the browser management tools (e.g: chrome://settings). This should also reproduce the error since you will have the hidden tag for csrf in the form, but not the session cookie... and you need both.
You should probably null the session in your production environment instead of throwing an exception:
In your ApplicationController (or any controller you are concerned about) add:
protect_from_forgery with: :null_session
If you are really worried about it, my advice would be to log the error to Bugsnag for instance and there you will be able to review the request and understand why it happened.
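The cached-form scenario described in these answers, as an added example that is not part of the original posts: a simplified model of a session-bound, masked CSRF token (not Rails source code). All class and method names are hypothetical. It shows why a form rendered under an old session fails after the session cookie is gone, and what each `protect_from_forgery` strategy then does with the request.

```ruby
require 'securerandom'
require 'base64'

TOKEN_LENGTH = 32

class InvalidAuthenticityToken < StandardError; end

# Constructed model of one server-side session: it owns the real CSRF secret.
class Session
  attr_reader :csrf_token

  def initialize
    @csrf_token = SecureRandom.random_bytes(TOKEN_LENGTH)
  end
end

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# Comparison that does not stop at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Value placed in the hidden form field: a fresh one-time pad followed by
# (pad XOR session secret), so every rendering differs but all unmask to
# the same session secret.
def form_token(session)
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  Base64.strict_encode64(pad + xor_bytes(pad, session.csrf_token))
end

# The submitted token is valid only against the session it was rendered for.
def valid_token?(session, encoded)
  return false if session.nil? || encoded.nil? || encoded.empty?

  masked = Base64.strict_decode64(encoded)
  return false unless masked.bytesize == TOKEN_LENGTH * 2

  pad    = masked.byteslice(0, TOKEN_LENGTH)
  secret = xor_bytes(pad, masked.byteslice(TOKEN_LENGTH, TOKEN_LENGTH))
  secure_compare(secret, session.csrf_token)
rescue ArgumentError # not valid Base64
  false
end

# Browser quits (session cookie cleared), reopens the page from cache and
# submits the old form: the hidden field no longer matches the new session.
def cached_form_scenario
  session = Session.new
  cached  = form_token(session)            # page rendered and cached
  before  = valid_token?(session, cached)
  session = Session.new                    # cookie gone: server starts a new session
  after   = valid_token?(session, cached)  # stale form submitted
  reload  = valid_token?(session, form_token(session)) # page fetched again
  { before_restart: before, after_restart: after, after_reload: reload }
end

# What the controller action gets to see under each strategy.
def session_seen_by_action(session, token, strategy)
  return session if valid_token?(session, token)
  raise InvalidAuthenticityToken if strategy == :exception

  nil # :null_session, the action runs with an empty session (user looks logged out)
end

puts cached_form_scenario.inspect if __FILE__ == $PROGRAM_NAME
```

Under `:null_session` the stale request is not rejected; it runs without the user's session, so actions that require authentication still fail, only without the exception.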

unable to integrate open_id_authentication with ActionController::API

I am building a Rails application with my ApplicationController building on ActionController::API. I tried integrating the open_id_authentication gem and it worked fine if my ApplicationController was built using ActionController::Base but threw an error with API. I tried including the middleware in the following ways:
Method 1. Add middleware in initializer
`config/initializers/openid.rb`
    require 'open_id_authentication'
    Rails.application.config do
      config.middleware.use OpenIdAuthentication
      config.after_initialize do
        OpenID::Util.logger = Rails.logger
        ActionController::API.send :include, OpenIdAuthentication::ControllerMethods
      end
    end
but got following error stack with it:
NoMethodError - undefined method `authenticate_with_open_id' for #:
app/controllers/v2/sessions_controller.rb:45:in `accounts_authentication'
app/controllers/v2/sessions_controller.rb:17:in `login'
actionpack (4.2.6) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
actionpack (4.2.6) lib/abstract_controller/base.rb:198:in `process_action'
actionpack (4.2.6) lib/action_controller/metal/rendering.rb:10:in `process_action'
actionpack (4.2.6) lib/abstract_controller/callbacks.rb:20:in `block in process_action'
activesupport (4.2.6) lib/active_support/callbacks.rb:117:in `call'
activesupport (4.2.6) lib/active_support/callbacks.rb:555:in `block (2 levels) in compile'
activesupport (4.2.6) lib/active_support/callbacks.rb:505:in `call'
activesupport (4.2.6) lib/active_support/callbacks.rb:92:in `__run_callbacks__'
activesupport (4.2.6) lib/active_support/callbacks.rb:778:in `_run_process_action_callbacks'
activesupport (4.2.6) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (4.2.6) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (4.2.6) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (4.2.6) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
activesupport (4.2.6) lib/active_support/notifications.rb:164:in `block in instrument'
activesupport (4.2.6) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.2.6) lib/active_support/notifications.rb:164:in `instrument'
actionpack (4.2.6) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
activerecord (4.2.6) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (4.2.6) lib/abstract_controller/base.rb:137:in `process'
actionview (4.2.6) lib/action_view/rendering.rb:30:in `process'
actionpack (4.2.6) lib/action_controller/metal.rb:196:in `dispatch'
actionpack (4.2.6) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
actionpack (4.2.6) lib/action_controller/metal.rb:237:in `block in action'
actionpack (4.2.6) lib/action_dispatch/routing/route_set.rb:74:in `dispatch'
actionpack (4.2.6) lib/action_dispatch/routing/route_set.rb:43:in `serve'
actionpack (4.2.6) lib/action_dispatch/journey/router.rb:43:in `block in serve'
actionpack (4.2.6) lib/action_dispatch/journey/router.rb:30:in `serve'
actionpack (4.2.6) lib/action_dispatch/routing/route_set.rb:817:in `call'
rack-openid (1.4.2) lib/rack/openid.rb:98:in `call'
rack (1.6.4) lib/rack/etag.rb:24:in `call'
rack (1.6.4) lib/rack/conditionalget.rb:25:in `call'
rack (1.6.4) lib/rack/head.rb:13:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/flash.rb:260:in `call'
rack (1.6.4) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.6.4) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/cookies.rb:560:in `call'
activerecord (4.2.6) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.2.6) lib/active_record/connection_adapters/abstract/connection_pool.rb:653:in `call'
activerecord (4.2.6) lib/active_record/migration.rb:377:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.2.6) lib/active_support/callbacks.rb:88:in `__run_callbacks__'
activesupport (4.2.6) lib/active_support/callbacks.rb:778:in `_run_call_callbacks'
activesupport (4.2.6) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (4.2.6) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/reloader.rb:73:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
better_errors (2.1.1) lib/better_errors/middleware.rb:84:in `protected_app_call'
better_errors (2.1.1) lib/better_errors/middleware.rb:79:in `better_errors_call'
better_errors (2.1.1) lib/better_errors/middleware.rb:57:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
web-console (2.3.0) lib/web_console/middleware.rb:20:in `block in call'
web-console (2.3.0) lib/web_console/middleware.rb:18:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.2.6) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.2.6) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.2.6) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.2.6) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.2.6) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.2.6) lib/rails/rack/logger.rb:20:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.6.4) lib/rack/methodoverride.rb:22:in `call'
rack (1.6.4) lib/rack/runtime.rb:18:in `call'
activesupport (4.2.6) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
rack (1.6.4) lib/rack/lock.rb:17:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/static.rb:120:in `call'
railties (4.2.6) lib/rails/engine.rb:518:in `call'
railties (4.2.6) lib/rails/application.rb:165:in `call'
rack (1.6.4) lib/rack/lock.rb:17:in `call'
rack (1.6.4) lib/rack/content_length.rb:15:in `call'
rack (1.6.4) lib/rack/handler/webrick.rb:88:in `service'
/usr/local/rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/webrick/httpserver.rb:140:in `service'
/usr/local/rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/webrick/httpserver.rb:96:in `run'
Method 2. Add middleware via config/environment/development.rb
    require 'open_id_authentication'
    Rails.application.configure do
      config.middleware.use OpenIdAuthentication::Middleware
    end
It gave the same error stack
Please help me with the solution to include middleware for open_id_authentication in ActionController::API
I checked the middlewares included using command rake middleware and I found that OpenIdAuthentication::Middleware was already included. Going through rails-api README, I added config.middleware.use Rack::MethodOverride to config/environments/development.rb.
Now, to access open_id_authentication gem methods, include it in whichever module/controller you are using via include OpenIdAuthentication::ControllerMethods as ControllerMethods module has all the methods being used.

undefined method `normalize' in service object MetaInspector

I am trying to use the url entered by a user to gather the title, description, root_url, scheme and host for that URL.
Right now, I am getting this error as soon as I call MetaInspector:
NoMethodError - undefined method `normalize' for nil:NilClass:
Help will be extremely appreciated here. I have tried many things without any conclusive results. What am I missing?
Here's my code:
I hit the links#new view..
Logs
NoMethodError - undefined method `normalize' for nil:NilClass:
metainspector (5.2.1) lib/meta_inspector/url.rb:83:in `normalized'
metainspector (5.2.1) lib/meta_inspector/url.rb:50:in `url='
metainspector (5.2.1) lib/meta_inspector/url.rb:12:in `initialize'
metainspector (5.2.1) lib/meta_inspector/document.rb:31:in `initialize'
metainspector (5.2.1) lib/meta_inspector.rb:20:in `new'
app/services/get_meta.rb:11:in `new_record'
app/controllers/links_controller.rb:8:in `create'
actionpack (4.2.6) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
actionpack (4.2.6) lib/abstract_controller/base.rb:198:in `process_action'
actionpack (4.2.6) lib/action_controller/metal/rendering.rb:10:in `process_action'
actionpack (4.2.6) lib/abstract_controller/callbacks.rb:20:in `block in process_action'
activesupport (4.2.6) lib/active_support/callbacks.rb:117:in `call'
activesupport (4.2.6) lib/active_support/callbacks.rb:555:in `block (2 levels) in compile'
activesupport (4.2.6) lib/active_support/callbacks.rb:505:in `call'
activesupport (4.2.6) lib/active_support/callbacks.rb:92:in `__run_callbacks__'
activesupport (4.2.6) lib/active_support/callbacks.rb:778:in `_run_process_action_callbacks'
activesupport (4.2.6) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (4.2.6) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (4.2.6) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (4.2.6) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
activesupport (4.2.6) lib/active_support/notifications.rb:164:in `block in instrument'
activesupport (4.2.6) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.2.6) lib/active_support/notifications.rb:164:in `instrument'
actionpack (4.2.6) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (4.2.6) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
activerecord (4.2.6) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (4.2.6) lib/abstract_controller/base.rb:137:in `process'
actionview (4.2.6) lib/action_view/rendering.rb:30:in `process'
actionpack (4.2.6) lib/action_controller/metal.rb:196:in `dispatch'
actionpack (4.2.6) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
actionpack (4.2.6) lib/action_controller/metal.rb:237:in `block in action'
actionpack (4.2.6) lib/action_dispatch/routing/route_set.rb:74:in `dispatch'
actionpack (4.2.6) lib/action_dispatch/routing/route_set.rb:43:in `serve'
actionpack (4.2.6) lib/action_dispatch/journey/router.rb:43:in `block in serve'
actionpack (4.2.6) lib/action_dispatch/journey/router.rb:30:in `serve'
actionpack (4.2.6) lib/action_dispatch/routing/route_set.rb:817:in `call'
omniauth (1.3.1) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.3.1) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.3.1) lib/omniauth/builder.rb:63:in `call'
rack (1.6.4) lib/rack/etag.rb:24:in `call'
rack (1.6.4) lib/rack/conditionalget.rb:38:in `call'
rack (1.6.4) lib/rack/head.rb:13:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/flash.rb:260:in `call'
rack (1.6.4) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.6.4) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/cookies.rb:560:in `call'
activerecord (4.2.6) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.2.6) lib/active_record/connection_adapters/abstract/connection_pool.rb:653:in `call'
activerecord (4.2.6) lib/active_record/migration.rb:377:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.2.6) lib/active_support/callbacks.rb:88:in `__run_callbacks__'
activesupport (4.2.6) lib/active_support/callbacks.rb:778:in `_run_call_callbacks'
activesupport (4.2.6) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (4.2.6) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/reloader.rb:73:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
better_errors (2.1.1) lib/better_errors/middleware.rb:84:in `protected_app_call'
better_errors (2.1.1) lib/better_errors/middleware.rb:79:in `better_errors_call'
better_errors (2.1.1) lib/better_errors/middleware.rb:57:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.2.6) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.2.6) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.2.6) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.2.6) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.2.6) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.2.6) lib/rails/rack/logger.rb:20:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.6.4) lib/rack/methodoverride.rb:22:in `call'
rack (1.6.4) lib/rack/runtime.rb:18:in `call'
activesupport (4.2.6) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
rack (1.6.4) lib/rack/lock.rb:17:in `call'
actionpack (4.2.6) lib/action_dispatch/middleware/static.rb:120:in `call'
rack (1.6.4) lib/rack/sendfile.rb:113:in `call'
railties (4.2.6) lib/rails/engine.rb:518:in `call'
railties (4.2.6) lib/rails/application.rb:165:in `call'
rack (1.6.4) lib/rack/content_length.rb:15:in `call'
puma (3.4.0) lib/puma/configuration.rb:224:in `call'
puma (3.4.0) lib/puma/server.rb:569:in `handle_request'
puma (3.4.0) lib/puma/server.rb:406:in `process_client'
puma (3.4.0) lib/puma/server.rb:271:in `block in run'
puma (3.4.0) lib/puma/thread_pool.rb:114:in `block in spawn_thread'
I have two models: Link and Domain
Models:
    class Domain < ActiveRecord::Base
      has_many :links
    end

    class Link < ActiveRecord::Base
      has_one :domain
    end
Tables
# Table name: links
#
# id :integer not null, primary key
# url :string
# created_at :datetime not null
# updated_at :datetime not null
#
# Table name: domains
#
# id :integer not null, primary key
# root_url :string
# scheme :string
# host :string
# created_at :datetime not null
# updated_at :datetime not null
Links Controller
    class LinksController < ApplicationController
      def new
        @link = Link.new
      end

      def create
        @link = GetMeta.new(params[:url]).new_record
        redirect_to root_url
      end

      private

      def link_params
        params.require(:link).permit(:url, :created_at, :updated_at)
      end
    end
Service Object: Get_Meta.rb
    class GetMeta
      include ActiveModel::Model

      def initialize(url)
        @url = url
      end

      def new_record
        # https://github.com/jaimeiniesta/metainspector
        page = MetaInspector.new(@url)
        Link.create! do |link|
          link.url = page.url
          link.title = page.title
          link.description = page.description
          link.domain.build(root_url: page.root, scheme: page.scheme, host: page.host)
        end
      end
    end
Ok, so the relevant lines from the stacktrace are these two:
NoMethodError - undefined method `normalize' for nil:NilClass:
metainspector (5.2.1) lib/meta_inspector/url.rb:83:in `normalized'
From the message, you can already guess that something is nil that metainspector was assuming wouldn't be. But let's follow the stacktrace just to be sure.
As you list in your comment (thanks for that BTW it's really a good idea!) the project is here: https://github.com/jaimeiniesta/metainspector
If you click that then look for the file listed: lib/meta_inspector/url.rb:83
and look at line 83 as specified above, you get this:
    # Normalize url to deal with characters that should be encoded,
    # add trailing slash, convert to downcase...
    def normalized(url)
      Addressable::URI.parse(url).normalize.to_s
so... normalized in metainspector is expecting there to actually be a url... and is freaking out when it's nil. So that confirms that the problem is that there is no url being passed into metainspector.
This means you need to check for that before passing in the url... or at least figure out why you're not passing through the url... which I think I can see why here:
This line indicated that the params are likely to come through as: {:link => {:url => 'some_url'}}
    params.require(:link).permit(:url, :created_at, :updated_at)
which you'd access with params[:link][:url]
but your code that uses the url is:
    @link = GetMeta.new(params[:url]).new_record
so I'd change the usage above to the below and you should be good to go
    @link = GetMeta.new(params[:link][:url]).new_record

Port-forwarded Rails app in Docker seems to cause CSRF exception

I have a Rails app that runs in a Docker container which is assigned an ip 172.17.0.3. Incoming requests to the host machine 51.x.x.x are forwarded to the rails app in 172.17.0.3. More specifically, this was done as such:
docker run -p 8080:8080 rails_app
However, Rails app throws Can't verify CSRF token authenticity error when a user tries to access some of the pages. My suspicion is that Rails thinks the incoming request is an attack, since the ip of the destination doesn't match the ip of the Rails app - i.e. user requests are directed to the host machine 51.x.x.x, whereas Rails actual location is at 172.17.0.3
Is there any way for me to tell Rails that these requests are legit? As an additional info, I use devise for authentication, and unicorn as the server.
Some of you might be tempted to suggest changing protect_from_forgery with: :exception to :null_session, but the application works just fine when not placed behind a proxy. Besides, some of the logic will not work when I changed that part since I think the setting messes with the way a user session is handled.
This is the layout of my network:
(user from public network) ----> (proxy) ----> (rails app on a private network)
       (202.x.x.x)             (51.x.x.x)               (172.x.x.x)
EDIT:
The app is in development settings. Here's the error I got in log/development.log files.
Started POST "/register" for 202.x.x.x at 2014-11-18 02:27:11 +0000
Processing by UsersController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"aBG3nIAKK1ALMJ1DDYFlMkmqISMBMZc3iLmaeD2byG8=", "user"=>{"email"=>"email@gmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 2ms
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
actionpack (4.1.4) lib/action_controller/metal/request_forgery_protection.rb:176:in `handle_unverified_request'
actionpack (4.1.4) lib/action_controller/metal/request_forgery_protection.rb:202:in `handle_unverified_request'
devise (3.4.0) lib/devise/controllers/helpers.rb:251:in `handle_unverified_request'
actionpack (4.1.4) lib/action_controller/metal/request_forgery_protection.rb:197:in `verify_authenticity_token'
activesupport (4.1.4) lib/active_support/callbacks.rb:424:in `block in make_lambda'
activesupport (4.1.4) lib/active_support/callbacks.rb:160:in `call'
activesupport (4.1.4) lib/active_support/callbacks.rb:160:in `block in halting'
activesupport (4.1.4) lib/active_support/callbacks.rb:166:in `call'
activesupport (4.1.4) lib/active_support/callbacks.rb:166:in `block in halting'
activesupport (4.1.4) lib/active_support/callbacks.rb:149:in `call'
activesupport (4.1.4) lib/active_support/callbacks.rb:149:in `block in halting_and_conditional'
activesupport (4.1.4) lib/active_support/callbacks.rb:149:in `call'
activesupport (4.1.4) lib/active_support/callbacks.rb:149:in `block in halting_and_conditional'
activesupport (4.1.4) lib/active_support/callbacks.rb:86:in `run_callbacks'
actionpack (4.1.4) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (4.1.4) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (4.1.4) lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
activesupport (4.1.4) lib/active_support/notifications.rb:159:in `block in instrument'
activesupport (4.1.4) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.1.4) lib/active_support/notifications.rb:159:in `instrument'
actionpack (4.1.4) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (4.1.4) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
activerecord (4.1.4) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (4.1.4) lib/abstract_controller/base.rb:136:in `process'
actionview (4.1.4) lib/action_view/rendering.rb:30:in `process'
actionpack (4.1.4) lib/action_controller/metal.rb:196:in `dispatch'
actionpack (4.1.4) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
actionpack (4.1.4) lib/action_controller/metal.rb:232:in `block in action'
actionpack (4.1.4) lib/action_dispatch/routing/route_set.rb:82:in `call'
actionpack (4.1.4) lib/action_dispatch/routing/route_set.rb:82:in `dispatch'
actionpack (4.1.4) lib/action_dispatch/routing/route_set.rb:50:in `call'
actionpack (4.1.4) lib/action_dispatch/routing/mapper.rb:45:in `call'
actionpack (4.1.4) lib/action_dispatch/journey/router.rb:71:in `block in call'
actionpack (4.1.4) lib/action_dispatch/journey/router.rb:59:in `each'
actionpack (4.1.4) lib/action_dispatch/journey/router.rb:59:in `call'
actionpack (4.1.4) lib/action_dispatch/routing/route_set.rb:678:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
warden (1.2.3) lib/warden/manager.rb:34:in `catch'
warden (1.2.3) lib/warden/manager.rb:34:in `call'
rack (1.5.2) lib/rack/etag.rb:23:in `call'
rack (1.5.2) lib/rack/conditionalget.rb:35:in `call'
rack (1.5.2) lib/rack/head.rb:11:in `call'
actionpack (4.1.4) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.1.4) lib/action_dispatch/middleware/flash.rb:254:in `call'
rack (1.5.2) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.5.2) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.1.4) lib/action_dispatch/middleware/cookies.rb:560:in `call'
activerecord (4.1.4) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.1.4) lib/active_record/connection_adapters/abstract/connection_pool.rb:621:in `call'
activerecord (4.1.4) lib/active_record/migration.rb:380:in `call'
actionpack (4.1.4) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.1.4) lib/active_support/callbacks.rb:82:in `run_callbacks'
actionpack (4.1.4) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.1.4) lib/action_dispatch/middleware/reloader.rb:73:in `call'
actionpack (4.1.4) lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
actionpack (4.1.4) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
actionpack (4.1.4) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.1.4) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.1.4) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.1.4) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.1.4) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.1.4) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.1.4) lib/rails/rack/logger.rb:20:in `call'
actionpack (4.1.4) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.5.2) lib/rack/methodoverride.rb:21:in `call'
rack (1.5.2) lib/rack/runtime.rb:17:in `call'
activesupport (4.1.4) lib/active_support/cache/strategy/local_cache_middleware.rb:26:in `call'
rack (1.5.2) lib/rack/lock.rb:17:in `call'
actionpack (4.1.4) lib/action_dispatch/middleware/static.rb:64:in `call'
rack-cors (0.2.9) lib/rack/cors.rb:54:in `call'
rack (1.5.2) lib/rack/sendfile.rb:112:in `call'
railties (4.1.4) lib/rails/engine.rb:514:in `call'
railties (4.1.4) lib/rails/application.rb:144:in `call'
rack (1.5.2) lib/rack/lint.rb:49:in `_call'
rack (1.5.2) lib/rack/lint.rb:37:in `call'
rack (1.5.2) lib/rack/showexceptions.rb:24:in `call'
rack (1.5.2) lib/rack/commonlogger.rb:33:in `call'
sinatra (1.4.5) lib/sinatra/base.rb:217:in `call'
rack (1.5.2) lib/rack/chunked.rb:43:in `call'
rack (1.5.2) lib/rack/content_length.rb:14:in `call'
unicorn (4.8.3) lib/unicorn/http_server.rb:576:in `process_client'
unicorn (4.8.3) lib/unicorn/http_server.rb:670:in `worker_loop'
unicorn (4.8.3) lib/unicorn/http_server.rb:525:in `spawn_missing_workers'
unicorn (4.8.3) lib/unicorn/http_server.rb:140:in `start'
unicorn (4.8.3) bin/unicorn:126:in `<top (required)>'
From a cursory reading of the 'protect_from_forgery' method, we find the following:
def protect_from_forgery(options = {})
  self.forgery_protection_strategy = protection_method_class(options[:with] || :null_session)
  self.request_forgery_protection_token ||= :authenticity_token
  prepend_before_action :verify_authenticity_token, options
  append_after_action :verify_same_origin_request
end
Which has a before action callback called 'verify_authenticity_token'. If we look at its source we find the following:
def verify_authenticity_token
  mark_for_same_origin_verification!
  if !verified_request?
    logger.warn "Can't verify CSRF token authenticity" if logger
    handle_unverified_request
  end
end
From there we note that it calls 'verified_request?'.
def verified_request?
  !protect_against_forgery? || request.get? || request.head? ||
    form_authenticity_token == params[request_forgery_protection_token] ||
    form_authenticity_token == request.headers['X-CSRF-Token']
end
Given the nature of the raised exception, I would think that one or more of those conditions are not being met. I don't think that it has anything to do with the IP addressing.
If your rails app is speaking over non-SSL to your proxy, there could be an issue where your ActiveRecord::SessionStore is throwing a fit because of that scenario.
Our fix was to make the session store insecure:
OurApplication::Application.config.session_store :active_record_store, secure: false
Edit: Still no fix yet... We're probably going to have to make the SSL terminate at the apps as opposed to the proxy over this.
So for us, the issue had nothing to do with SSL in the end. We had a javascript call being executed on the first page load that was trying to perform a handshake against a backend service (via a POST), but we hadn't properly configured our HAProxy to route calls to that service, so instead the POST was hitting Rails. Even though Rails returned a 404 for the route, it also reset the session because of the missing CSRF token in the request. Fixing HAProxy's routing fixed the issue.
Our scenario likely has almost nothing to do with yours, and in Rails 4, they made the default behavior of protect_from_forgery be to raise an exception instead of resetting the session. Oh, and we did also ultimately need to set the session store to insecure:
OurApplication::Application.config.session_store :active_record_store, secure: false
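How the session cookie's secure setting feeds into the verified_request? comparison quoted above, as an added Ruby example that is not from the thread or from Rails. ToyApp, register_flow and the forwarded_proto field are hypothetical names, and the rule that a secure session cookie is only issued on requests the app sees as HTTPS is a modelling assumption.

```ruby
require "securerandom"

# Constructed model of an app with a server-side session store; not Rails code.
class ToyApp
  def initialize(secure_cookie:)
    @secure_cookie = secure_cookie
    @sessions = {} # session id => { csrf: token }
  end

  # env keys (all hypothetical): :method, :cookie, :forwarded_proto, :params
  # Returns [status, session id to set as cookie or nil, body].
  def call(env)
    sid = env[:cookie] if @sessions.key?(env[:cookie])
    fresh = sid.nil?
    sid ||= SecureRandom.hex(16)
    session = (@sessions[sid] ||= {})
    session[:csrf] ||= SecureRandom.base64(32)

    # Assumption: with a secure cookie, the session id is only handed out on
    # requests the app sees as HTTPS (here: the proxy forwarded the scheme).
    seen_as_ssl = env[:forwarded_proto] == "https"
    set_cookie = sid if fresh && (!@secure_cookie || seen_as_ssl)

    if env[:method] == "GET"
      [200, set_cookie, session[:csrf]] # body stands in for the form's token
    elsif verified_request?(session, env)
      [200, set_cookie, "created"]
    else
      [422, set_cookie, "Can't verify CSRF token authenticity"]
    end
  end

  private

  # Same idea as the quoted verified_request?: session token vs. submitted token.
  def verified_request?(session, env)
    submitted = env.dig(:params, :authenticity_token).to_s
    secure_compare(session[:csrf], submitted)
  end

  # Constant-time comparison so the check does not leak a matching prefix.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Browser stand-in: GET the form, then POST it back with the token and
# whatever cookie the server issued. tamper: true submits a wrong token.
def register_flow(app, forwarded_proto:, tamper: false)
  _, cookie, token = app.call(method: "GET", cookie: nil, forwarded_proto: forwarded_proto)
  token = SecureRandom.base64(32) if tamper
  status, = app.call(method: "POST", cookie: cookie, forwarded_proto: forwarded_proto,
                     params: { authenticity_token: token })
  status
end

if __FILE__ == $PROGRAM_NAME
  puts "secure cookie, scheme forwarded:     #{register_flow(ToyApp.new(secure_cookie: true), forwarded_proto: 'https')}"
  puts "secure cookie, scheme not forwarded: #{register_flow(ToyApp.new(secure_cookie: true), forwarded_proto: nil)}"
  puts "insecure cookie, plain HTTP hop:     #{register_flow(ToyApp.new(secure_cookie: false), forwarded_proto: nil)}"
end
```

In the failing case the POST carries a token that was valid for a session the client never received a cookie for, so the server compares it against a brand-new session's token; the client IP plays no part in the check.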

Carrierwave gem Secure File Path Cannot read file error

I tried to follow the 'Secure Upload' in carrier wave which is a bit confusing because I have customized the file path and all a bit. When I try to run the app, I get 'Cannot read file' error.
Here's the route :
match "/uploads/tobereviewed/:user.:username.downcase/:basename.:extension", :controller => "photos", :action => "uploaded", via: :get
The store_dir of uploader :
class SubmitUploader < CarrierWave::Uploader::Base
  def store_dir
    "uploads/tobereviewed/#{model.user.username.downcase}"
  end
end
carrierwave.rb initializer :
CarrierWave.configure do |config|
  config.permissions = 0600
  config.directory_permissions = 0700
  config.root = Rails.root
end
Photos controller :
def uploaded
  file = Submit.first
  send_file "#{Rails.root}/uploads/tobereviewed/#{file.user.username.downcase}/#{file.id}"
end
The full error log :
Started GET "/uploaded" for 127.0.0.1 at 2014-11-27 18:19:09 +0530
Processing by PhotosController#uploaded as HTML
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["id", 1]]
Submit Load (2.6ms) SELECT "submits".* FROM "submits" ORDER BY "submits"."id" ASC LIMIT 1
User Load (2.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1 [["id", 1]]
Sent file /home/pubudu/Projects/istockseller/uploads/tobereviewed/thpubs/36603935 (0.7ms)
Completed 500 Internal Server Error in 54ms
ActionController::MissingFile - Cannot read file /home/pubudu/Projects/istockseller/uploads/tobereviewed/thpubs/36603935:
actionpack (4.2.0.beta4) lib/action_controller/metal/data_streaming.rb:68:in `send_file'
actionpack (4.2.0.beta4) lib/action_controller/metal/instrumentation.rb:49:in `block in send_file'
activesupport (4.2.0.beta4) lib/active_support/notifications.rb:164:in `block in instrument'
activesupport (4.2.0.beta4) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.2.0.beta4) lib/active_support/notifications.rb:164:in `instrument'
actionpack (4.2.0.beta4) lib/action_controller/metal/instrumentation.rb:47:in `send_file'
() home/pubudu/Projects/istockseller/app/controllers/photos_controller.rb:24:in `uploaded'
actionpack (4.2.0.beta4) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
actionpack (4.2.0.beta4) lib/abstract_controller/base.rb:198:in `process_action'
actionpack (4.2.0.beta4) lib/action_controller/metal/rendering.rb:10:in `process_action'
actionpack (4.2.0.beta4) lib/abstract_controller/callbacks.rb:20:in `block in process_action'
activesupport (4.2.0.beta4) lib/active_support/callbacks.rb:117:in `call'
activesupport (4.2.0.beta4) lib/active_support/callbacks.rb:169:in `block in halting'
activesupport (4.2.0.beta4) lib/active_support/callbacks.rb:151:in `block in halting_and_conditional'
activesupport (4.2.0.beta4) lib/active_support/callbacks.rb:234:in `block in halting'
activesupport (4.2.0.beta4) lib/active_support/callbacks.rb:234:in `block in halting'
activesupport (4.2.0.beta4) lib/active_support/callbacks.rb:169:in `block in halting'
activesupport (4.2.0.beta4) lib/active_support/callbacks.rb:92:in `_run_callbacks'
activesupport (4.2.0.beta4) lib/active_support/callbacks.rb:734:in `_run_process_action_callbacks'
activesupport (4.2.0.beta4) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (4.2.0.beta4) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (4.2.0.beta4) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (4.2.0.beta4) lib/action_controller/metal/instrumentation.rb:31:in `block in process_action'
activesupport (4.2.0.beta4) lib/active_support/notifications.rb:164:in `block in instrument'
activesupport (4.2.0.beta4) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (4.2.0.beta4) lib/active_support/notifications.rb:164:in `instrument'
actionpack (4.2.0.beta4) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (4.2.0.beta4) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
activerecord (4.2.0.beta4) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (4.2.0.beta4) lib/abstract_controller/base.rb:137:in `process'
actionview (4.2.0.beta4) lib/action_view/rendering.rb:30:in `process'
actionpack (4.2.0.beta4) lib/action_controller/metal.rb:195:in `dispatch'
actionpack (4.2.0.beta4) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
actionpack (4.2.0.beta4) lib/action_controller/metal.rb:236:in `block in action'
actionpack (4.2.0.beta4) lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
actionpack (4.2.0.beta4) lib/action_dispatch/routing/route_set.rb:42:in `serve'
actionpack (4.2.0.beta4) lib/action_dispatch/journey/router.rb:43:in `block in serve'
actionpack (4.2.0.beta4) lib/action_dispatch/journey/router.rb:30:in `serve'
actionpack (4.2.0.beta4) lib/action_dispatch/routing/route_set.rb:780:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
warden (1.2.3) lib/warden/manager.rb:34:in `call'
rack (1.6.0.beta) lib/rack/etag.rb:23:in `call'
rack (1.6.0.beta) lib/rack/conditionalget.rb:25:in `call'
rack (1.6.0.beta) lib/rack/head.rb:13:in `call'
actionpack (4.2.0.beta4) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
actionpack (4.2.0.beta4) lib/action_dispatch/middleware/flash.rb:257:in `call'
rack (1.6.0.beta) lib/rack/session/abstract/id.rb:225:in `context'
rack (1.6.0.beta) lib/rack/session/abstract/id.rb:220:in `call'
actionpack (4.2.0.beta4) lib/action_dispatch/middleware/cookies.rb:558:in `call'
activerecord (4.2.0.beta4) lib/active_record/query_cache.rb:36:in `call'
activerecord (4.2.0.beta4) lib/active_record/connection_adapters/abstract/connection_pool.rb:647:in `call'
activerecord (4.2.0.beta4) lib/active_record/migration.rb:378:in `call'
actionpack (4.2.0.beta4) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (4.2.0.beta4) lib/active_support/callbacks.rb:88:in `_run_callbacks'
activesupport (4.2.0.beta4) lib/active_support/callbacks.rb:734:in `_run_call_callbacks'
activesupport (4.2.0.beta4) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (4.2.0.beta4) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (4.2.0.beta4) lib/action_dispatch/middleware/reloader.rb:73:in `call'
actionpack (4.2.0.beta4) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
better_errors (1.1.0) lib/better_errors/middleware.rb:84:in `protected_app_call'
better_errors (1.1.0) lib/better_errors/middleware.rb:79:in `better_errors_call'
better_errors (1.1.0) lib/better_errors/middleware.rb:56:in `call'
web-console (2.0.0.beta4) lib/action_dispatch/debug_exceptions.rb:18:in `middleware_call'
web-console (2.0.0.beta4) lib/action_dispatch/debug_exceptions.rb:13:in `call'
actionpack (4.2.0.beta4) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
railties (4.2.0.beta4) lib/rails/rack/logger.rb:38:in `call_app'
railties (4.2.0.beta4) lib/rails/rack/logger.rb:20:in `block in call'
activesupport (4.2.0.beta4) lib/active_support/tagged_logging.rb:68:in `block in tagged'
activesupport (4.2.0.beta4) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (4.2.0.beta4) lib/active_support/tagged_logging.rb:68:in `tagged'
railties (4.2.0.beta4) lib/rails/rack/logger.rb:20:in `call'
actionpack (4.2.0.beta4) lib/action_dispatch/middleware/request_id.rb:21:in `call'
rack (1.6.0.beta) lib/rack/methodoverride.rb:22:in `call'
rack (1.6.0.beta) lib/rack/runtime.rb:17:in `call'
activesupport (4.2.0.beta4) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
rack (1.6.0.beta) lib/rack/lock.rb:17:in `call'
actionpack (4.2.0.beta4) lib/action_dispatch/middleware/static.rb:113:in `call'
rack (1.6.0.beta) lib/rack/sendfile.rb:113:in `call'
railties (4.2.0.beta4) lib/rails/engine.rb:514:in `call'
railties (4.2.0.beta4) lib/rails/application.rb:161:in `call'
rack (1.6.0.beta) lib/rack/tempfile_reaper.rb:15:in `call'
rack (1.6.0.beta) lib/rack/lint.rb:49:in `_call'
rack (1.6.0.beta) lib/rack/lint.rb:37:in `call'
rack (1.6.0.beta) lib/rack/showexceptions.rb:24:in `call'
rack (1.6.0.beta) lib/rack/commonlogger.rb:33:in `call'
rack (1.6.0.beta) lib/rack/chunked.rb:54:in `call'
rack (1.6.0.beta) lib/rack/content_length.rb:15:in `call'
rack (1.6.0.beta) lib/rack/handler/webrick.rb:89:in `service'
() home/pubudu/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/webrick/httpserver.rb:138:in `service'
() home/pubudu/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/webrick/httpserver.rb:94:in `run'
() home/pubudu/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/webrick/server.rb:295:in `block in start_thread'
127.0.0.1 - - [27/Nov/2014:18:19:09 +0530] "GET /uploaded HTTP/1.1" 500 - 0.0743
Update :
I set the correct file path like this :
send_file "#{file.filename.file}"
But then it gives this error :
Cannot read file #<CarrierWave::SanitizedFile:0x007f570c2b9e58>
Are my routes correct?
As per your setup CarrierWave should save your file inside "/home/pubudu/Projects/istockseller/public/uploads/tobereviewed/thpubs/#{model.user.username.downcase}/somefile.ext"
So, ideally your code should be
send_file "#{Rails.root}/public/#{file.image.url}"
Assuming your upload column is image.
Set up a debugger in the controller's action.
def uploaded
  file = Submit.first
  debugger
  send_file "#{file.filename.file}"
end
Now, request the action again and go to the debugger console. A tip here is to open "irb" inside the debugger. Just type "irb" and hit enter.
See what file.filename.file is returning. I believe it's an invalid path, so check if the file exists in your filesystem. Then, you can reproduce the next step (send_file) and check the error log.
I'd then advise you to open the source code of CarrierWave gem in your computer and find what's wrong with your code.
In your terminal, go to your project directory and run:
bundle show carrierwave
This will print you the path of the carrierwave gem's source you are using. Open it in your editor and find what's wrong with your code, according to the error log!
Tip
If you provide the current error log (after your update), we may help you better.
Cannot read file #<CarrierWave::SanitizedFile:0x007f570c2b9e58>
is not enough. The full backtrace would be better than this "one line" of code (use pastebin whenever possible).

Resources