8
votes

I am using PaypalAdaptive. It sends ipn_notification properly. The ipnNotification action method is as follows:

def ipn_notification
    ipn = PaypalAdaptive::IpnNotification.new
    ipn.send_back(request.raw_post.to_json)

    print "=====================request.raw_post#{request.raw_post}=============="

    if ipn.verified?
        PaymentMailer.notify_unknown(request.raw_post).deliver
    else
        logger.info "IT DIDNT WORK"
    end
    render :nothing => true
end

But it's returning an error:

WARNING: Can't verify CSRF token authenticity rails

Any help with this problem?


3 Answers

19
votes

In your controller:

skip_before_filter :verify_authenticity_token, :only => [:ipn_notification]

For people reading too quickly and distributing -1 (skipping an important part: it's not a POST call from the client...):

  • yes, it skips a security check, BUT... read on...

  • yes, it's the only way for external website POST requests

  • yes, it's safe: you obviously check params and keys when receiving a call from PayPal or the like.
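
With the CSRF filter skipped for this one action, the request has to be authenticated another way: by echoing it back to PayPal and then checking its fields, which is what the question uses `send_back` / `verified?` for. The following is an added example, not code from this answer or from the paypal_adaptive gem; `IpnVerifier`, its `expected:` and `transport:` parameters, and the sample field values are assumptions made for illustration.

```ruby
require "net/http"
require "uri"

# Added example; names are hypothetical and not part of paypal_adaptive.
class IpnVerifier
  # PayPal's IPN postback endpoint for the sandbox (ipnpb.paypal.com is the live host).
  POSTBACK_URL = "https://ipnpb.sandbox.paypal.com/cgi-bin/webscr"

  # expected:  field => value pairs the notification must carry (caller's choice).
  # transport: callable(url, body) -> reply string; injectable so the check can
  #            be exercised offline. The default performs a real HTTPS POST.
  def initialize(expected:, transport: nil)
    @expected = expected
    @transport = transport || method(:https_post)
  end

  # raw_post must be the unmodified request body (request.raw_post in Rails).
  def authentic?(raw_post)
    return false if raw_post.nil? || raw_post.empty?
    # Echo the body back byte-for-byte, prefixed with the validate command.
    reply = @transport.call(POSTBACK_URL, "cmd=_notify-validate&#{raw_post}")
    return false unless reply.to_s.strip == "VERIFIED"
    # VERIFIED only proves PayPal sent it; confirm it concerns our payment.
    params = URI.decode_www_form(raw_post).to_h
    @expected.all? { |field, value| params[field] == value }
  rescue StandardError
    false # fail closed on network or parse errors
  end

  private

  def https_post(url, body)
    uri = URI(url)
    Net::HTTP.start(uri.host, uri.port, use_ssl: true) do |http|
      http.post(uri.request_uri, body,
                "Content-Type" => "application/x-www-form-urlencoded").body
    end
  end
end
```

In the controller, the action that skips `verify_authenticity_token` would pass `request.raw_post` to `authentic?` and act on the notification only when it returns true.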

15
votes

The correct solution for this problem without compromising security

In your AJAX request, send the CSRF token value as a header.

var csrfToken = $("meta[name='csrf-token']").attr("content");
$.ajaxSetup({
  headers: {
    'X-CSRF-Token': csrfToken
  }
});

4
votes

Add the following line in your application.js

//= require jquery_ujs

And try.