Missing cookie in Rails 4 - ruby-on-rails

For some reason the session cookie on my app is not being set properly in production. This problem seemed to have just appeared overnight, with no changes on my end that I can think of. There is only one domain involved.
A session cookie is set when I run the app in development on localhost, so there is something strange happening with the server. If I inspect the cookies on the server side, it gives me a list, but the cookie is not being set in the browser. Also, I can manually create a test cookie on the server side, and it shows up on the browser. It's only the session cookie that is not showing up.
I tried changing the session store from memcached to cookiestore, which doesn't seem to have helped - still no session cookie. So I don't think it's the session_store code.
Using Rails 4.0.2 and passenger 4.0.19 with whatever version of nginx it installs. ruby 1.9.3. Any help would be appreciated - I'm completely stumped.

They already fix this in github repo, and is being release at any moment.
Anyway, if someone is in rails2, and still has this bug, or don't want to update Passenger, we could fixed it doing:
class ApplicationController < ActionController::Base
after_filter :set_headers
def set_headers
response.headers["Date"] = "#{Time.now.utc}"
end
end
UPDATE
Here it is the official post explaining what happened.
I've just update Phusion Passenger gem to 4.0.30. it is quite straight forward and has the fix for this bug. Oficial Instruction here

Related

ActiveAdmin taking wrong http method for update and destroy actions

Rails version - 5.2
Active admin version - 2.9.0
I have installed and configured active admin in my rails API application. Everything is working fine, except for the update, delete action of any controller, and logout of the admin user.
Here is my applicaiton.rb file
I have added method override in application.rb file though it is taking the POST request method for any update or delete request. It is working fine in my local even though it is taking POST request but when I deployed the code on the staging environment. I have found this thing. On my staging environment, that route is not present hence it is giving 404 error.
Below is the screenshot of the Update admin user request.
Can someone please help me to fix this issue?
I have finally fixed the issue. I am assuming the issue might be with my staging web server configuration otherwise it was working fine in my local in both the environments local and staging.
Post the answer here so it might help people in future.
By default the browser only supports for GET and POST requests. If we want to use any other request methods then we need to pass that request method in the parameter _method. You can read more about it here.
That wasn't happening in my case though i have added config.middleware.use Rack::MethodOverride in application.rb.
For resolving the issue, I have added the use Rack::MethodOverride in my config.ru file. It means before running the rails application it will use this method. I have added this code and that's it everything is working fine now.

ActionController::InvalidAuthenticityToken coming suddenly

I have old project in Rails 5, I have to add Api and it was working fine, 3 days ago, but now it suddenly started to give me ActionController::InvalidAuthenticityToken I have done no changes in any controller related to web, but added few Gems includes rspec-rails, jwt and creating its Api, but suddenly on chrome it is giving me this error.
When I started work I tested and it was working fine, and on Safari browser it works fine. But on Chrome it gives this error. Following line is added in my application, if I disable this error goes, but I think that will make it unsecure.
protect_from_forgery with: :exception, prepend: true
I check few answers where long list that it s old issue, but I am working on many rails project and I never saw this issue! Some post direct me to use https so I also used https but issue for chrome is still there.
Any help
I originally had only a me-too comment.
But with sheer luck, I happen to know the answer.
It is not your code that changes; it's the browsers.
Please check the news related to Same-Site policy changes from Google.
Basically, the cookie is not working in your environment anymore because of changes in the browser, rendering the CSRF token unusable.
You have to config Rails.application.config.session_store in an initializer; unfortunately, there is no one-liner fixed all in this situation; it depends on the environment and situations.
Just put the below the line in your ApplicationController
skip_before_action :verify_authenticity_token

Enabling CORS for IGDB using ruby on rails?

So I've been at this issue for hours now but cannot figure it out. I've been trying to use the IGDB API using the ruby gem igdb_api but keep getting a 403 Forbidden exception. I'm running the server locally for development at localhost:3000. Here is how I setup my test code:
class PagesController < ApplicationController
def home
...
end
def games
# initialize with api_key
Igdb.connect(ENV['IGDB_API_KEY'])
puts Igdb::Game.count
end
end
I've been trying to use rack-cors to fix this but nothing changes. So I'm not sure if I'm missing something obvious. Any help would be great! Thank you.
I don't think cors is an issue.
CORS basically prevents web-browser from making requests to services outside of current domain.
403 errors means some authorization problems.
I ended up using a different gem for accessing the api, one called igdb_client.
While I then had a SSL_connection error since I'm on Windows, it was easily fixed by following this quick solution here: https://superdevresources.com/ssl-error-ruby-gems-windows/.
Hope it'll help anyone in the future!

Rails app using force_ssl on entire site when it shouldn't

Something has changed in my environment and I don't know why. I use SSL only for logging in through my sessions controller, which was working.
force_ssl :only => [:signin] unless Rails.env.development?
After logging in, a user is redirected to the home page, which should not be HTTPS. Now everything is be forced to SSL. In my production.rb file I set force_ssl to false, which it should be by default but that didn't resolve the problem.
I've also tried the solution posted here about using a protocol restraint in routes.rb which didn't work either.
Rails force ssl only on specified controllers
I've restarted nginx and unicorn several times but still forcing SSL. SSL is causing leafjs (map) not to work when my app tries to access its stylesheet and javascript from a remote location.
I could download them into my app but that wouldn't solve the forced_ssl problem.
My app is running on a DigitalOcean droplet, if that makes any difference.

can't log on to wp-admin when wordpress is hosted as a rails subdirectory

I have a rails app on heroku, and a wordpress-heroku install also on heroku. I'm using the rack-reverse-proxy gem to redirect my wordpress to the /blog directory on my rails app. I followed all the instructions here:
http://rywalker.com/setting-up-a-wordpress-blog-on-heroku-as-a-subdirectory-of-a-rails-app-also-hosted-on-heroku
When I access my wordpress blog on its normal address, everything works fine. However, when I have it set up under a subdirectory of my rails app, I can't log in. I go to wp-login.php I enter my credentials, get forwarded to /blog/wp-admin.php, and then immediately I am redirected back to /blog/wp-login.php?redirect_to=http%3A%2F%2Flocalhost%3A3000%2Fwp-admin%2F&reauth=1. The only cookie that gets set is the wordpress_test_cookie, but none of the other wordpress cookies make any appearance in my browser.
I have tried many things to fix this including using rack-reverse-proxy to forward all rails traffic to wordpress, so I don't have to use a /blog subdirectory in case that was causing the problem. But the exact same behavior results. I've also determined that the :preserve_host setting in the Rack::ReverseProxy config doesn't seem to make any difference whether it's true or false.
Ideas?
A) What do you have in your wp-config.php? Should be something like this:
define('WP_SITEURL', 'http://www.DOMAIN.com/blog');
define('WP_HOME', 'http://www.DOMAIN.com/blog');
B) In the Rack::ReverseProxy settings, are you pointing to the blog (wordpress) herokuapp.com URL, not the main site (rails) URL, right? I realize my post isn't clear on that point.
I finally tracked this down to a bug in rack-reverse-proxy. The set-cookie header was being sent in an improper format, so only the first cookie was being interpreted correctly by the browser. That happened to be the wordpress test cookie. All the other (useful) ones were being thrown away, so of course I could not log in.
I plan to submit a bug and branch to rack-reverse-proxy but in the meantime I fixed it with this patch in my config.ru:
class MyReverseProxy < Rack::ReverseProxy
private
def create_response_headers(http_response)
response_headers = super(http_response)
if response_headers
if response_headers["Set-Cookie"].is_a?(Array)
response_headers["Set-Cookie"] = response_headers["Set-Cookie"].join("\n")
end
end
response_headers
end
end
# this is to make /blog show my wordpress blog
use MyReverseProxy do
reverse_proxy_options :preserve_host => false
reverse_proxy(/^\/blog(\/.*)$/, 'http://your-blog-server.com$1')
end

Resources