ActionController::InvalidAuthenticityToken in User sessionsController#create - ruby-on-rails

I get the below error at the time of authentication from any IE browser; however, I do not get this error if using Firefox or Chrome.
Help
ActionController::InvalidAuthenticityToken in User sessionsController#create
ActionController::InvalidAuthenticityToken
RAILS_ROOT: /webdata/ASR/docs
Application Trace | Framework Trace | Full Trace
Request
Parameters:

Some authenticity token problems are detected on IE when using IFrames as stated in this question:
Ruby on Rails Invalid Authenticity Token when using IE
If you are using one, you might want to consider:
before_filter :set_p3p
def set_p3p
  response.headers["P3P"] = 'CP="CAO PSA OUR"'
end
In order to fix it.

Related

flash messages in rails using turbolinks

I'm using Turbolinks in my Rails 5 app. Now it is behaving as single page app, which is good, but when I create a new user or sign up the flash errors are not showing up.
I'm getting the following error in the console:
POST http://localhost:3000/users/sign_in 401 (Unauthorized)
Rails.ajax @ rails-ujs.self-817d9a8cb641f7125060cb18fefada3f35339170767c4e003105f92d4c204e39.js?body=1:189
Rails.handleRemote @ rails-ujs.self-817d9a8cb641f7125060cb18fefada3f35339170767c4e003105f92d4c204e39.js?body=1:546
(anonymous) @ rails-ujs.self-817d9a8cb641f7125060cb18fefada3f35339170767c4e003105f92d4c204e39.js?body=1:146
VM707:1 Uncaught SyntaxError: Unexpected identifier
at processResponse (rails-ujs.self-817d9a8cb641f7125060cb18fefada3f35339170767c4e003105f92d4c204e39.js?body=1:246)
at rails-ujs.self-817d9a8cb641f7125060cb18fefada3f35339170767c4e003105f92d4c204e39.js?body=1:173
at XMLHttpRequest.xhr.onreadystatechange (rails-ujs.self-817d9a8cb641f7125060cb18fefada3f35339170767c4e003105f92d4c204e39.js?body=1:23
What I really need is to show those errors in the view by using the flash. Any suggestions would be very helpful. Thanks in advance.

How to debug EOFError raised from Devise actions?

I have started getting a strange issue in a Rails app, that is proving very difficult to debug.
EOFError
end of file reached
is being raised on some Devise routes. So far I'm getting this on session#destroy and registration#update (I have not been able to try others).
The issue is not occurring in tests, only in development environment.
After stepping through the controllers, the error appears to be raised on the following lines.
registration#update
resource_updated = update_resource(resource, account_update_params)
session#destroy
signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
I realise that identifying the cause will likely need much more code. But after several hours trying to debug this I'm at a loss as to next steps. I'd be grateful if anyone can:
Suggest how to obtain more useful information when EOFError is raised. Currently all I'm getting is Completed 500 Internal Server Error in 2627ms (ActiveRecord: 10.1ms) EOFError - end of file reached: without much to identify where this is being raised.
Suggest a logical approach to debug this. From my attempts, the error appears to be coming from the Devise internals, which I don't think is correct.

Problems with authorization with SecureCompare Security Utils

I wanted to build an API for my existing application. The special authentication token was generated and added to my database. The problem is that when it comes to comparing the token sent by the user application with the one defined in the database, I get this error:
NameError (uninitialized constant ActiveSupport::SecurityUtils):
app/controllers/api/v1/base_controller.rb:64:in `authenticate_user!'
Rendered /home/snow/.rvm/gems/ruby-2.0.0-p643/gems/actionpack-4.0.2/lib/action_dispatch/middleware/templates/rescues/_source.erb (25.4ms)
Rendered /home/snow/.rvm/gems/ruby-2.0.0-p643/gems/actionpack-4.0.2/lib/action_dispatch/middleware/templates/rescues/_trace.erb (0.8ms)
Rendered /home/snow/.rvm/gems/ruby-2.0.0-p643/gems/actionpack-4.0.2/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (29.9ms)
Rendered /home/snow/.rvm/gems/ruby-2.0.0-p643/gems/actionpack-4.0.2/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (74.0ms)
Or you can see the response from postman:
Searching the web for an answer, it appeared that it may be caused by an incompatibility between the Rails version and the secure_compare method. (My application is built on Rails 4.0.2 while it is needed to use Rails 4.2.0.) Is upgrading Rails the only solution for my problem, or is there any other way to securely compare tokens without using ActiveSupport::SecurityUtils?
Authentication code is here:
def authenticate_user!
  # Parse "Authorization: Token token=..., phone_number=..." from the request
  token, options = ActionController::HttpAuthentication::Token.token_and_options(request)
  user_phone_number = options.blank? ? nil : options[:phone_number]
  user = user_phone_number && User.find_by(phone_number: user_phone_number)
  # secure_compare is the call that raises NameError on Rails 4.0.2
  if user && ActiveSupport::SecurityUtils.secure_compare(user.authentication_token, token)
    @current_user = user
  else
    return unauthenticated!
  end
end
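One way to compare tokens in constant time without ActiveSupport::SecurityUtils, shown as an added example that is not part of the original question or of Rails itself. The TokenCompare module and its method names are hypothetical, and the sample token values in the comments are constructed.

```ruby
require "digest"

# Hypothetical helper (not a Rails API): constant-time token comparison for
# applications whose ActiveSupport has no SecurityUtils module.
module TokenCompare
  module_function

  # Compare two byte strings of equal length without an early exit, so the
  # running time does not reveal the position of the first mismatch.
  def fixed_length_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Hash both sides first: SHA-256 digests always have the same length, so
  # the length check above never short-circuits on attacker-chosen input.
  # nil or empty values are rejected so a user without a stored token can
  # never be matched by an empty header.
  def secure_compare(expected, supplied)
    expected = expected.to_s
    supplied = supplied.to_s
    return false if expected.empty? || supplied.empty?
    fixed_length_compare(Digest::SHA256.digest(expected),
                         Digest::SHA256.digest(supplied)) &&
      expected == supplied
  end
end

# In the authenticate_user! method above, the condition would become
# (assumption: same variable names as in the question):
#   if user && TokenCompare.secure_compare(user.authentication_token, token)
#
# Constructed sample values:
#   TokenCompare.secure_compare("sample-token-0001", "sample-token-0001")  # true
#   TokenCompare.secure_compare("sample-token-0001", "sample-token-0002")  # false
```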

rails 3 app in production raises 500 error when record not found?

When I go to a bogus url like:
/posts/99999999
On my local machine, I see:
ActiveRecord::RecordNotFound in Posts#show
Showing /Users/patrick/rails/my_app/app/views/posts/show.html.haml where line #1 raised:
Couldn't find Post with ID=99999
... The log shows:
Rendered posts/show.html.haml within layouts/application (29.6ms)
Completed in 423ms
ActionView::Template::Error (Couldn't find Post with ID=99999)
--- However, when I do this in production, I get the public/500.html error page, not 404... I'm kind of confused because in development mode, the browser shows ActiveRecord::RecordNotFound (which should mean 404, yes?) but the log shows ActionView::Template::Error-- not one mention of ActiveRecord::RecordNotFound.
So, ultimately, my question is, how can I make this a 404 not a 500? And-- why is it a 500?
From what I have seen, Rails should automatically make an ActiveRecord::RecordNotFound render the 404.html page... The problem I discovered was I am using the gem decent_exposure, and because of its nature of lazy loading, it causes the error to happen in the view rather than the controller, and therefore Rails doesn't know to render the 404 page because it shows up as an actual ActionView::Template::Error...
Just add a ! to the find_by_column method.
Example:
@post = Post.find_by_id!(params[:id])
Then, a RecordNotFound exception is thrown.

ActionController::InvalidAuthenticityToken with MongoDB

I'm using Rails 2.3.8 with Ruby 1.8.7 (both installed via CPanel) and gem 1.3.7 and I'm using MongoDB.
Well, I get the following error when I'm trying to create a user (class User):
Processing UsersController#create (for 127.0.0.1 at 2010-11-13 16:09:55) [POST]
Parameters: {"commit"=>"Create", "authenticity_token"=>"3AdGHqazhzJUddjLDIKSNzcGTR8KN1Hh7PL+9+vrJ74=", "user"=>{"name"=>"jqa"}}
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken)
Rendering /home/jqa/public_html/web/public/422.html (422 Unprocessable Entity)
Any Help? Thanks in advance
Are you using the Rails form helper to generate the registration form? I guess not, and that's why you are getting this error. I suggest you use the form_for or form_tag method for the form.
You are getting this because Rails generates an authenticity token along with the generated form, which gets posted back on form submit as a hidden field. With this, Rails can assume that it is an authentic request from the same app.
If you have generated the form with hand-crafted HTML, this hidden field won't be there in the form, and that's why Rails is cribbing about it!
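A simplified model of the check this answer describes, as an added example that is not Rails' own code: a token stored in the session, emitted as a hidden field, and required on the POST. The CsrfGuard class is hypothetical and the request parameters are constructed.

```ruby
require "securerandom"

# Simplified model (assumption: one token per session, compared verbatim
# with the posted hidden field).
class CsrfGuard
  FIELD = "authenticity_token"

  def initialize(session)
    @session = session
  end

  # Created once per session and kept server-side.
  def token
    @session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # What a form helper adds inside the <form> element; a hand-written form
  # has to include the same field itself.
  def hidden_field
    %(<input type="hidden" name="#{FIELD}" value="#{token}" />)
  end

  # A state-changing request passes only if it echoes this session's token.
  def valid?(params)
    posted = params[FIELD].to_s
    stored = @session[:_csrf_token].to_s
    return false if posted.empty? || stored.empty?
    posted.bytesize == stored.bytesize &&
      posted.bytes.zip(stored.bytes).inject(0) { |d, (x, y)| d | (x ^ y) }.zero?
  end
end

# Constructed requests against one session:
def demo
  guard = CsrfGuard.new({})
  with_helper  = { CsrfGuard::FIELD => guard.token, "user" => { "name" => "jqa" } }
  hand_crafted = { "user" => { "name" => "jqa" } }             # field missing
  foreign      = { CsrfGuard::FIELD => CsrfGuard.new({}).token } # other session
  [guard.valid?(with_helper), guard.valid?(hand_crafted), guard.valid?(foreign)]
end
```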
