Info: I'm on development, running on port 3000 over HTTP. On my sign in page, the only session info is:
:_csrf_token "JISqEbDHAxteJM2E96/S/9iimgBLwVsLP37CpvIBo/A="
Sign in form has this hidden element:
<input name="authenticity_token" type="hidden" value="JISqEbDHAxteJM2E96/S/9iimgBLwVsLP37CpvIBo/A=">
So the CSRF seems to match. But when I enter my user name and password, first it says WARNING: Can't verify CSRF token authenticity, then in the logs I see that it updates my 'last_sign_in', which leads me to believe it successfully logs in. Devise::SessionsController#create is being called.
Things I've confirmed:
app/views/layouts/application.html.erb has <%= csrf_meta_tag %> in it.
jquery_ujs.js is being loaded on the page, which I believe adds CSRF info to any jQuery ajax requests.
I started messing with my application server around the time this problem came up.