Rails: Disable CSRF for a 3rd party POST Request - ruby-on-rails

I have a Rails 3.2 App where I need to accept POST requests from a 3rd party.
I want to store the incoming requests in my 'message' model.
My MessageController looks as follows:
class MessagesController < ApplicationController
  protect_from_forgery :except => :create
  ...
  def create
    @message = Message.new(content: params[:content], command: params[:command], messageId: params[:messageId], ...)
    respond_to do |format|
      if @message.save
        ...
The requests I'm receiving look like this:
curl -d "content=GUESTTEST&command=deliverMessage&messageId=11389622" https://[myapp].herokuapp.com/messages
This works fine locally (http://localhost:3000/messages) but as soon as I switch to heroku, the requests don't work anymore.
heroku logs says:
2012-08-13T07:54:01+00:00 app[web.1]: Started POST "/" for 178.195.215.59 at 2012-08-13 07:54:01 +0000
2012-08-13T07:54:01+00:00 app[web.1]: Processing by StaticPagesController#home as */*
2012-08-13T07:54:01+00:00 app[web.1]: Parameters: {"content"=>"GUESTTEST", "time"=>"2012-08-01 10:09:03", "businessNumber"=>"5555", "sessionId"=>"5555CHS1343808543654", "operatorCode"=>"99999", "msisdn"=>"0099955291", "keyword"=>"GUESTTEST", "command"=>"deliverMessage", "messageId"=>"11389622"}
2012-08-13T07:54:01+00:00 app[web.1]: WARNING: Can't verify CSRF token authenticity
2012-08-13T07:54:01+00:00 app[web.1]: Rendered static_pages/home.html.erb within layouts/application (1.1ms)
2012-08-13T07:54:01+00:00 app[web.1]: Rendered layouts/_shim.html.erb (0.0ms)
2012-08-13T07:54:01+00:00 app[web.1]: Rendered layouts/_header.html.erb (0.9ms)
2012-08-13T07:54:01+00:00 app[web.1]: Rendered layouts/_footer.html.erb (0.2ms)
2012-08-13T07:54:01+00:00 app[web.1]: Completed 200 OK in 6ms (Views: 5.6ms | ActiveRecord: 0.0ms)
2012-08-13T07:54:01+00:00 heroku[router]: POST guestlist12.herokuapp.com/ dyno=web.1 queue=0 wait=0ms service=72ms status=200 bytes=2425
What do I need to change to allow the posts to work without the CSRF token?
Any help is much appreciated!

Summarizing the answer from the comments in order to remove this question from the "Unanswered" filter:
[Remove] protect_from_forgery [from the] application controller.
~ answer per Amol Pujari
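Added example, not code from the question or the answer above: a plain-Ruby model of keeping CSRF protection on the rest of the app while accepting the third party's POST, i.e. exempting only MessagesController#create (the `protect_from_forgery :except => :create` already in the question) and authenticating that one action some other way. It assumes the third party can be given a shared secret and sends an HMAC-SHA256 of the raw body in an X-Signature header; the request is modelled as a Hash, and `accept_webhook?`, `csrf_exempt?` and `WEBHOOK_SECRET` are names I made up.

```ruby
require 'openssl'

# Rails 3.2 wiring this example models (sketch only, not run here):
#   class MessagesController < ApplicationController
#     protect_from_forgery :except => :create        # exempt this one action
#     before_filter :verify_sender, :only => :create # ...and authenticate it
#   end
# Leaving protect_from_forgery in ApplicationController keeps every other
# browser-facing POST protected; the exempted webhook action needs its own check.

# Placeholder shared secret, constructed for the example; a real app reads it
# from the environment, never from the repository.
WEBHOOK_SECRET = 'example-shared-secret'.freeze

# Expected signature: HMAC-SHA256 over the raw form-encoded request body.
def webhook_signature(raw_body, secret = WEBHOOK_SECRET)
  OpenSSL::HMAC.hexdigest('SHA256', secret, raw_body)
end

# Constant-time comparison: a wrong signature takes the same time to reject
# however many of its leading bytes happen to match.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# The request is modelled as a Hash with :method, :path, :headers and :body.
# Only POST /messages (MessagesController#create) is exempt from the CSRF
# token; anything else keeps Rails' normal verification.
def csrf_exempt?(req)
  req[:method] == 'POST' && req[:path] == '/messages'
end

# A CSRF-exempt action must authenticate the caller another way: here the
# X-Signature header (an assumption, not mentioned in the question) must equal
# the HMAC of the body. True only for a correctly signed POST to /messages.
def accept_webhook?(req, secret = WEBHOOK_SECRET)
  return false unless csrf_exempt?(req)
  given = req[:headers].fetch('X-Signature', '')
  secure_equal?(given, webhook_signature(req[:body].to_s, secret))
end

# Constructed sample: the body from the question's curl command, signed.
def sample_request
  body = 'content=GUESTTEST&command=deliverMessage&messageId=11389622'
  { method: 'POST', path: '/messages', body: body,
    headers: { 'X-Signature' => webhook_signature(body) } }
end

if __FILE__ == $PROGRAM_NAME
  req = sample_request
  puts "signed request accepted: #{accept_webhook?(req)}"                          # true
  puts "tampered body accepted:  #{accept_webhook?(req.merge(body: 'content=X'))}" # false
end
```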

Related

NoMethodError (undefined method `delete!' for nil:NilClass):

I've been having a little issue with one of the apps I deployed to Heroku. Locally the app works fine; however, on Heroku, when I press a button that elicits an Ajax request I get a 500 error. The error is more specifically coming from a method within my controller called adding. Below are the logs from Heroku. Link to app: https://ouinyc.herokuapp.com/
P.S. To see the button that's giving the error you have to sign up; it's the two buttons below the stop and play buttons.
Curiously this is the error that stands out the most.
NoMethodError (undefined method `delete!' for nil:NilClass):
app/controllers/static_pages_controller.rb:27:in `add_song'
Below are some of the logs from Heroku
2016-04-25T22:28:09.603876+00:00 app[web.1]: vendor/bundle/ruby/2.2.0/gems/rack-1.6.4/lib/rack/lock.rb:17:in `call'
2016-04-25T22:28:09.603878+00:00 app[web.1]: vendor/ruby-2.2.4/lib/ruby/2.2.0/webrick/httpserver.rb:138:in `service'
2016-04-25T22:28:09.603874+00:00 app[web.1]: vendor/bundle/ruby/2.2.0/gems/rack-1.6.4/lib/rack/sendfile.rb:113:in `call'
2016-04-25T22:28:09.603875+00:00 app[web.1]: vendor/bundle/ruby/2.2.0/gems/railties-4.2.5/lib/rails/engine.rb:518:in `call'
2016-04-25T22:28:09.603879+00:00 app[web.1]: vendor/ruby-2.2.4/lib/ruby/2.2.0/webrick/httpserver.rb:94:in `run'
2016-04-25T22:28:09.603877+00:00 app[web.1]: vendor/bundle/ruby/2.2.0/gems/rack-1.6.4/lib/rack/content_length.rb:15:in `call'
2016-04-25T22:28:09.603878+00:00 app[web.1]: vendor/bundle/ruby/2.2.0/gems/rack-1.6.4/lib/rack/handler/webrick.rb:88:in `service'
2016-04-25T22:28:09.603880+00:00 app[web.1]: vendor/ruby-2.2.4/lib/ruby/2.2.0/webrick/server.rb:294:in `block in start_thread'
2016-04-25T22:28:09.603881+00:00 app[web.1]:
2016-04-25T22:28:09.603881+00:00 app[web.1]:
2016-04-25T22:28:11.095771+00:00 app[web.1]: Rendered layouts/_shim.html.erb (0.4ms)
2016-04-25T22:28:11.133322+00:00 app[web.1]: Rendered layouts/_audio_part.html.erb (7.2ms)
2016-04-25T22:28:11.133624+00:00 app[web.1]: Completed 200 OK in 50ms (Views: 45.6ms | ActiveRecord: 3.8ms)
2016-04-25T22:28:11.107578+00:00 app[web.1]: Rendered layouts/_header.html.erb (7.9ms)
2016-04-25T22:28:11.105471+00:00 app[web.1]: User Load (3.8ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["id", 1]]
2016-04-25T22:28:11.120143+00:00 app[web.1]: Rendered layouts/_footer.html.erb (2.8ms)
2016-04-25T22:28:11.090234+00:00 app[web.1]: Rendered static_pages/home.html.erb within layouts/application (0.6ms)
2016-04-25T22:28:11.081117+00:00 app[web.1]: Started GET "/home" for 98.14.169.85 at 2016-04-25 22:28:11 +0000
2016-04-25T22:28:11.083194+00:00 app[web.1]: Processing by StaticPagesController#home as HTML
2016-04-25T22:28:11.135758+00:00 heroku[router]: at=info method=GET path="/home" host=ouinyc.herokuapp.com request_id=2be011c5-bff4-4ac6-8c0b-a681f7826f32 fwd="98.14.169.85" dyno=web.1 connect=0ms service=63ms status=200 bytes=7100
2016-04-25T22:28:23.338889+00:00 heroku[router]: at=info method=GET path="/90210%20by%20Travis%20Scott.mp3" host=ouinyc.herokuapp.com request_id=b8770d58-15e2-40d9-a002-8ddd4fb9d4db fwd="98.14.169.85" dyno=web.1 connect=0ms service=166ms status=206 bytes=8526220
2016-04-25T22:28:41.387156+00:00 heroku[router]: at=info method=POST path="/adding" host=ouinyc.herokuapp.com request_id=5c6bd67b-2c43-4086-90ff-b0fd0f524cd9 fwd="98.14.169.85" dyno=web.1 connect=0ms service=58ms status=500 bytes=1754
2016-04-25T22:28:41.375423+00:00 app[web.1]: Started POST "/adding" for 98.14.169.85 at 2016-04-25 22:28:41 +0000
2016-04-25T22:28:41.377153+00:00 app[web.1]: Processing by StaticPagesController#add_song as */*
2016-04-25T22:28:41.377249+00:00 app[web.1]: Parameters: {"data_value"=>"\"https://ouinyc.herokuapp.com/90210%20by%20Travis%20Scott.mp3\"", "authenticity_token"=>""}
2016-04-25T22:28:41.379928+00:00 app[web.1]: User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["id", 1]]
2016-04-25T22:28:41.381122+00:00 app[web.1]: User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1 [["id", 1]]
2016-04-25T22:28:41.382269+00:00 app[web.1]: Completed 500 Internal Server Error in 5ms (ActiveRecord: 1.0ms)
2016-04-25T22:28:41.385136+00:00 app[web.1]:
2016-04-25T22:28:41.385145+00:00 app[web.1]: NoMethodError (undefined method `delete!' for nil:NilClass):
2016-04-25T22:28:41.385146+00:00 app[web.1]: app/controllers/static_pages_controller.rb:27:in `add_song'
2016-04-25T22:28:41.385147+00:00 app[web.1]:
Edit: So the issue looks like it has to do with the controller. That said, I don't understand why it's saying the string object is empty.
Controller
class StaticPagesController < ApplicationController
  respond_to :js, :json, :html

  def get_songs
    if user_signed_in?
      session[:user_id] = current_user.id
      present_user = User.find(session[:user_id])
      present_user = present_user.playlist.keys
      @songs = present_user
      respond_to do |format|
        format.json { render :json => @songs }
      end
    end
  end

  def add_song
    if user_signed_in?
      session[:user_id] = current_user.id
      present_user = User.find(session[:user_id])
      var = params[:data_value]
      var = var.sub!("http://localhost:3000/", "")
      var.delete!('""', '')
      present_user.playlist.store(var, 1)
      if present_user.save
        render json: { success: "It works" }
      end
    end
  end

  def remove_song
    if user_signed_in?
      session[:user_id] = current_user.id
      present_user = User.find(session[:user_id])
      var = params[:data_value]
      present_user.playlist.delete(var)
      if present_user.save
        render json: { success: "It works" }
      end
    end
  end

  def news
  end

  def home
  end
end
Ajax request
$.ajax({
  url: "removing",
  type: "post",
  data: { data_value: JSON.stringify(player.src), authenticity_token: "<%= @form_auth_token %>" }
});
Well, the problem code is the following; please don't use non-pure methods with ! without a real reason. This line evaluates var to nil, since the previous value of var has no such prefix:
  var = var.sub!("http://localhost:3000/", "")
so the next var.delete! raises the exception.
Well, this part of the code:
  var = params[:data_value]
  var = var.sub!("http://localhost:3000/", "")
  var.delete!('""', '')
  present_user.playlist.store(var, 1)
can be replaced with (since you are passing a JSON encoded value):
  song = JSON.parse(params[:data_value].sub("localhost:3000/", ""),
                    { :quirks_mode => true })
  present_user.playlist.store(song, 1)
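Added example, not the asker's or the answerer's code: the same `data_value` handling written defensively, so that a URL whose origin is not the app's own (the case that made `sub!` return nil on Heroku, where the prefix is not `http://localhost:3000/`) is rejected rather than stored under a mangled key. The allowed host list and the `song_key_from` name are my assumptions; it uses only the json and uri standard libraries.

```ruby
require 'json'
require 'uri'

# Hosts this app serves audio from (constructed for the example: the
# question's Heroku host plus the local dev server).
ALLOWED_SONG_HOSTS = ['ouinyc.herokuapp.com', 'localhost'].freeze

# Turn the JSON-encoded player.src sent by the Ajax call into a playlist key.
# Unlike `var.sub!(...)`, which returns nil whenever the prefix is absent, this
# returns nil deliberately and only for bad input: not a JSON string, not an
# absolute http(s) URL, or a host that is not ours. The key is the URL path
# without its leading slash, which is what stripping the origin was meant to give.
def song_key_from(data_value, allowed_hosts = ALLOWED_SONG_HOSTS)
  src = begin
    JSON.parse(data_value.to_s) # json 2.x accepts a bare string as a document
  rescue JSON::ParserError
    nil
  end
  return nil unless src.is_a?(String)

  uri = begin
    URI.parse(src)
  rescue URI::InvalidURIError
    nil
  end
  return nil unless uri.is_a?(URI::HTTP) && allowed_hosts.include?(uri.host)

  key = uri.path.sub(%r{\A/}, '')
  key.empty? ? nil : key
end

# Controller usage (Rails sketch, not run here):
#   key = song_key_from(params[:data_value])
#   return head(:unprocessable_entity) unless key
#   present_user.playlist.store(key, 1)

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: the value from the question's log, and an off-site URL.
  p song_key_from('"https://ouinyc.herokuapp.com/90210%20by%20Travis%20Scott.mp3"')
  p song_key_from('"https://other.example/track.mp3"')
end
```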

wkhtmltopdf rendering twice?

I'm using wicked_pdf, working fine. However, the server seems to render/execute wicked twice for only one call, resulting in one pdf-file. Can anyone tell me why? The server log looks like this:
2016-03-16T21:53:11.659341+00:00 app[web.1]: Started GET "/wpdf" for 99.99.99.99 at 2016-03-16 21:53:11 +0000
2016-03-16T21:53:11.661184+00:00 app[web.1]: Processing by SomeStoriesController#wpdf as HTML
2016-03-16T21:53:11.661632+00:00 app[web.1]: ***************WICKED***************
2016-03-16T21:53:11.663620+00:00 app[web.1]: Rendered some_stories/wpdf.html.erb (1.1ms)
2016-03-16T21:53:13.128754+00:00 heroku[router]: at=info method=GET path="/wpdf" host=xxxx.herokuapp.com request_id=3ca3a32a-2c40-4052-b7fb-8d333b7277c6 fwd="99.99.99" dyno=web.1 connect=0ms service=1477ms status=200 bytes=18490
2016-03-16T21:53:13.132369+00:00 app[web.1]: Rendered text template (0.0ms)
2016-03-16T21:53:13.132480+00:00 app[web.1]: Sent data file_name.pdf (0.5ms)
2016-03-16T21:53:13.132673+00:00 app[web.1]: Completed 200 OK in 1471ms (Views: 0.4ms | ActiveRecord: 0.0ms)
2016-03-16T21:53:13.362617+00:00 app[web.1]: Started GET "/wpdf" for 99.99.99.99 at 2016-03-16 21:53:13 +0000
2016-03-16T21:53:13.363827+00:00 app[web.1]: Processing by SomeStoriesController#wpdf as HTML
2016-03-16T21:53:13.364250+00:00 app[web.1]: ***************WICKED***************
2016-03-16T21:53:13.365987+00:00 app[web.1]: Rendered some_stories/wpdf.html.erb (1.1ms)
2016-03-16T21:53:14.468550+00:00 heroku[router]: at=info method=GET path="/wpdf" host=xxxx.herokuapp.com request_id=5b70cf38-bc29-45fd-8287-3a01b0b1372a fwd="99.99.99.99" dyno=web.1 connect=0ms service=1114ms status=200 bytes=18490
2016-03-16T21:53:14.472015+00:00 app[web.1]: Rendered text template (0.0ms)
2016-03-16T21:53:14.472110+00:00 app[web.1]: Sent data file_name.pdf (0.4ms)
2016-03-16T21:53:14.472271+00:00 app[web.1]: Completed 200 OK in 1108ms (Views: 0.3ms | ActiveRecord: 0.0ms)
I am also experiencing the same issue. It is only occurring in Chrome and is not happening in Firefox or IE.
Looks like a bug in Chrome - Chrome sends two requests when downloading a PDF (and cancels one of them)
Looks like it will be fixed in v54 of Chrome.

Rails app make 2 actions per 1 request

My problem: I have a Rails app, and now I see in the logs on production and on different dev computers that something doubles all actions:
routes:
root "main_page#index"
resources :search, only: [:index]
logs heroku (production)
2014-02-10T07:45:08.214686+00:00 app[web.1]: Started GET "/search?type=shortdata&data=501" for 1.1.1.1 at 2014-02-10 07:45:08 +0000
2014-02-10T07:45:08.214734+00:00 app[web.1]: Started GET "/search?type=shortdata&data=501" for 1.1.1.1 at 2014-02-10 07:45:08 +0000
2014-02-10T07:45:08.222497+00:00 heroku[router]: at=info method=GET path=/search?type=shortdata&data=501 host=app.herokuapp.com request_id=4a0c2345-336e-44fd-b33b-44caeb3bac90 fwd="1.1.1.1" dyno=web.1 connect=0ms service=13ms status=304 bytes=0
2014-02-10T07:45:08.217106+00:00 app[web.1]: Processing by SearchController#index as JSON
2014-02-10T07:45:08.217106+00:00 app[web.1]: Processing by SearchController#index as JSON
2014-02-10T07:45:08.217106+00:00 app[web.1]: Parameters: {"type"=>"shortdata", "data"=>"501"}
2014-02-10T07:45:08.217106+00:00 app[web.1]: Parameters: {"type"=>"shortdata", "data"=>"501"}
2014-02-10T07:45:08.222806+00:00 app[web.1]: Completed 200 OK in 5ms (Views: 0.5ms | ActiveRecord: 3.9ms)
2014-02-10T07:45:08.222806+00:00 app[web.1]: Completed 200 OK in 5ms (Views: 0.5ms | ActiveRecord: 3.9ms)
controller:
def index
  data = params[:data]
  type = params[:type]
  if type == ShortDataType
    if likeAZip?(data)
      render(json: shortSearchByZip(data)) && return
    else
      render(json: shortSearchByCity(data)) && return
    end
  else
    render json: nothing
  end
end
No callbacks. I added a puts 1 after "def index"; it goes to the logs only once. Result:
Started GET "/search?type=shortdata&data=501" for 127.0.0.1 at 2014-02-10 18:54:38 +1100
Started GET "/search?type=shortdata&data=501" for 127.0.0.1 at 2014-02-10 18:54:38 +1100
Processing by SearchController#index as JSON
Processing by SearchController#index as JSON
Parameters: {"type"=>"shortdata", "data"=>"501"}
Parameters: {"type"=>"shortdata", "data"=>"501"}
1
(2.0ms) select .....
what is it?
The problem was the gem rails_12factor. It was included in all environments, and it caused double logging.
The actions really run only once.
Now I add group: :production to the gem, and plan to change the WEBrick web server to another one in prod.
Thanks for the help.

Assignment of struct to an array working in development but not on Heroku

Ruby on Rails application working in development but crashes on Heroku. In the application I put values in a struct (Selection) which I then load into an array (@selections) for a drop-down selection on the screen. I have found the line causing this error (see the print statements in the Rails code and in the Heroku log), but don't know how to fix it. I have tried a number of alternatives but so far no luck. As I specify a version of Ruby in my Gemfile (ruby '1.9.3'), my understanding is that Heroku would use this version of Ruby (e.g. the error is not caused by different versions of Ruby).
any help appreciated
thanks
Pierre
The Drill controller
Selection = Struct.new(:id, :name, :table_index, :user_valuation)

class DrillsController < ApplicationController
  before_filter :current_user
  before_filter :load_drill, except: [:index, :new, :create]
  …..
  def load_evaluation_assumption_selections
    load_stake
    @selections = []
    list_of_companies = []
    index = 0
    @resource_estimations = @drill.resource_estimations
    if @resource_estimations.present?
      @resource_estimations.each do |u|
        unless list_of_companies.include?(u.company_id)
          list_of_companies.push(u.company_id)
          if u.company_id == @stake.company_id
            company_name = "default"
          else
            company_name = u.company.name
          end
          puts "ZZZZZ - before load struct, Selection, to array @selections"
          @selections += [Selection.new(index, company_name, u.id, false)]
          puts "ZZZZZ - after load struct, Selection, to array @selections"
          index += 1
        end
      end
    end
  end
end
Heroku log
2013-10-17T05:18:23.714529+00:00 app[web.2]: Rendered stakes/_drill_interests.html.erb (3.3ms)
2013-10-17T05:18:23.714529+00:00 app[web.2]: Rendered stakes/_form.html.erb (21.0ms)
2013-10-17T05:18:23.714529+00:00 app[web.2]: Rendered resource_estimations/_edit_multiple.html.erb (19.5ms)
2013-10-17T05:18:23.714529+00:00 app[web.2]: Rendered drills/edit.html.erb within layouts/application (72.2ms)
2013-10-17T05:18:23.721851+00:00 heroku[router]: at=info method=GET path=/drills/9/edit host=quiet-fortress-3338.herokuapp.com fwd="203.45.50.22" dyno=web.2 connect=1ms service=102ms status=304 bytes=0
2013-10-17T05:18:23.714529+00:00 app[web.2]: Completed 200 OK in 92ms (Views: 65.6ms | ActiveRecord: 15.4ms)
2013-10-17T05:18:26.140463+00:00 app[web.2]: Started GET "/drills/9/investor" for 203.45.50.22 at 2013-10-17 05:18:26 +0000
2013-10-17T05:18:26.169417+00:00 app[web.2]: ZZZZZ - before load struct, Selection, to array @selections
2013-10-17T05:18:26.173260+00:00 app[web.2]:
2013-10-17T05:18:26.173260+00:00 app[web.2]: ArgumentError (wrong number of arguments (4 for 1)):
2013-10-17T05:18:26.173260+00:00 app[web.2]: app/controllers/drills_controller.rb:232:in `new'
2013-10-17T05:18:26.173260+00:00 app[web.2]: app/controllers/drills_controller.rb:232:in `block in load_evaluation_assumption_selections'
2013-10-17T05:18:26.173260+00:00 app[web.2]: app/controllers/drills_controller.rb:223:in `load_evaluation_assumption_selections'
2013-10-17T05:18:26.173260+00:00 app[web.2]: app/controllers/drills_controller.rb:59:in `investor'
2013-10-17T05:18:26.173260+00:00 app[web.2]:
2013-10-17T05:18:26.173260+00:00 app[web.2]:
2013-10-17T05:18:26.174044+00:00 app[web.2]: Processing by DrillsController#investor as HTML
2013-10-17T05:18:26.174044+00:00 app[web.2]: Parameters: {"id"=>"9"}
2013-10-17T05:18:26.174044+00:00 app[web.2]: Completed 500 Internal Server Error in 23ms
2013-10-17T05:18:26.171782+00:00 heroku[router]: at=info method=GET path=/drills/9/investor host=quiet-fortress-3338.herokuapp.com fwd="203.45.50.22" dyno=web.2 connect=1ms service=37ms status=500 bytes=643
I gave up trying to use a struct for the menu selection options and used a Hash instead.
Pierre

authenticate_user! hijacking the registrations/create method

The problem I'm having seems to be that Devise's authenticate_#{role}! method is hijacking my registration attempt.
Started GET "/client/sign_up" for 127.0.0.1 at 2012-01-14 12:02:52 +0000
Processing by Client::RegistrationsController#new as HTML
Rendered /Users/robertwwhite/.rvm/gems/ruby-1.9.2-p290/gems/devise-1.5.3/app/views/devise/shared/_links.erb (1.4ms)
Rendered client/registrations/new.html.haml within layouts/application (97.6ms)
Rendered client/_navigation.html.haml (1.6ms)
Rendered shared/_flash_messages.html.haml (0.1ms)
Completed 200 OK in 126ms (Views: 116.4ms | ActiveRecord: 7.2ms)
Started POST "/client" for 127.0.0.1 at 2012-01-14 12:02:58 +0000
Processing by WishesController#index as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"vq3wgsQeb4eoxhb3sw2Q2kd4edIoOxIfrzJ/WzJUAn0=", "client"=>{"email"=>"bacon@example.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign up"}
Completed 401 Unauthorized in 13ms
Started GET "/client/sign_in" for 127.0.0.1 at 2012-01-14 12:02:58 +0000
Processing by Client::SessionsController#new as HTML
Rendered /Users/robertwwhite/.rvm/gems/ruby-1.9.2-p290/gems/devise-1.5.3/app/views/devise/shared/_links.erb (1.0ms)
Rendered client/sessions/new.html.haml within layouts/application (16.5ms)
Rendered client/_navigation.html.haml (1.5ms)
Rendered shared/_flash_messages.html.haml (0.3ms)
Completed 200 OK in 60ms (Views: 38.6ms | ActiveRecord: 6.4ms)
I've tried overriding the after_signup_path_for(resource_or_scope) but it seems to be getting ignored.
# app/controllers/application_controller.rb
def after_sign_up_path_for(resource_or_scope)
  random_path
end
So as it stands users can't register to the site in the first place. Any ideas?
Have you checked to make sure none of your routes are overriding the default Devise routes/methods?
Edited by HaaR for clarity, for users with a similar problem:
I had the following in my config/routes.rb above my devise_for methods.
match "client" => "wishes#index"
Which was overriding Devise's
devise_for :clients, :path => :client
By moving it below, it gives Devise priority, and still passes the get request to the appropriate controller and action without hijacking the POST requests.
