Rails + Emberjs: Can't verify CSRF token authenticity

0
votes

I'm new to using rails as an api with an Emberjs front-end. I'm getting a 'Completed 422 Unprocessable Entity' and Can't verify CSRF token authenticity whenever I try to do a POST request

I've seen a couple of posts and solutions saying to insert this function

$(function() {
    var token = $('meta[name="csrf-token"]').attr('content');
    return $.ajaxPrefilter(function(options, originalOptions, xhr) {
        return xhr.setRequestHeader('X-CSRF-Token', token);
    });
});

Where is the appropriate place to implement CSRF in an ember-cli project?

UPDATE: 10/1/2015

my app/adapters/application.js looks something like this now:

import DS from 'ember-data';

export default DS.ActiveModelAdapter.extend({
  headers: Ember.computed(function(){
    var token = Ember.$('meta[name="csrf-token"]').attr('content');

    return {"X-CSRF-Token": token};
  })
});

However, i'm still getting the same error messages...

1
ruby-on-railsember.js
You should add this in your application adapter - you can use the headers hash to do this.elithrar

1 Answers

1
votes

The easiest solution would be to add this to your manifest file:

#= require jquery-ujs

Or you could extend your application adapter to always include CSRF token:

ApplicationAdapter = DS.RESTAdapter.extend
  headers:
    "X-CSRF-Token": $('meta[name="csrf-token"]').attr('content')