Open anusharanganathan opened 6 years ago
Looks like this is a known error in Devise https://github.com/plataformatec/devise/issues/2432 with rails 4 though I am using rails 5.
Removing `protect_from_forgery with: :exception` from applications controller fixes this issue. Is that the right thing to do?
Hmmm.. I don't see this error in the dockerised version which makes me think it is possibly a hosting/serving issue?
I wouldn't recommend removing the `protect_from_forgery` option without good reason, as it helps prevent 3rd party hacks.
Maybe we could do a side-by-side comparison of update request to pinpoint where the issue is?
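One way to do the side-by-side comparison suggested above, as an added example that is not part of the thread: a Ruby script that checks two captured update requests for conditions under which Rails' CSRF verification cannot succeed. The captures, host names, cookie name and helper names are constructed assumptions, and the base URL logic is a simplification of what Rails computes when its Origin check is enabled.

```ruby
# Added illustration; all request captures below are constructed samples.

# Base URL roughly as Rails derives it: scheme plus host, honouring the
# X-Forwarded-* headers a reverse proxy may set (simplified assumption).
def base_url(req)
  h = req[:headers]
  scheme = h["X-Forwarded-Proto"] || req[:scheme]
  host   = h["X-Forwarded-Host"]  || h["Host"]
  "#{scheme}://#{host}"
end

# Conditions under which the authenticity token check cannot pass.
def csrf_findings(req)
  h = req[:headers]
  findings = []
  # The token is tied to the session, so the session cookie must come back.
  findings << :no_session_cookie unless h["Cookie"].to_s.include?("#{req[:session_cookie]}=")
  # Rails accepts the token as a form parameter or as the X-CSRF-Token header.
  findings << :no_token unless h["X-CSRF-Token"] || req[:params]["authenticity_token"]
  # With the Origin check on, a present Origin must equal the base URL;
  # a missing Origin header is accepted.
  origin = h["Origin"]
  findings << :origin_mismatch if origin && origin != base_url(req)
  findings
end

# Findings that appear only in the failing capture.
def compare(working, failing)
  csrf_findings(failing) - csrf_findings(working)
end

# Constructed capture: container setup, browser talks to the app directly.
DOCKER = { scheme: "http", session_cookie: "_app_session",
           params: { "authenticity_token" => "t1" },
           headers: { "Host" => "localhost:3000", "Origin" => "http://localhost:3000",
                      "Cookie" => "_app_session=s1" } }

# Constructed capture: hosted behind a TLS-terminating proxy that does not
# forward the scheme, from a browser that sends Origin on form POSTs.
HOSTED_WITH_ORIGIN = { scheme: "http", session_cookie: "_app_session",
                       params: { "authenticity_token" => "t2" },
                       headers: { "Host" => "papers.example.org",
                                  "Origin" => "https://papers.example.org",
                                  "Cookie" => "_app_session=s2" } }

# Constructed capture: same deployment, browser that omits Origin.
HOSTED_NO_ORIGIN = HOSTED_WITH_ORIGIN.merge(
  headers: HOSTED_WITH_ORIGIN[:headers].reject { |k, _| k == "Origin" })

puts compare(DOCKER, HOSTED_WITH_ORIGIN).inspect
puts compare(DOCKER, HOSTED_NO_ORIGIN).inspect
```

A difference reported here points at the deployment (proxy headers, cookie settings) rather than at the CSRF protection itself, which stays enabled throughout.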
Switch off JWT and test if error is seen. An alternate simpler implementation would be https://github.com/anusharanganathan/data2paper/issues/68
TO ANYONE ARRIVING HERE, DO NOT REMOVE `protect_from_forgery` - this is an essential Rails security mechanism that prevents Cross Side Scripting Attacks. Sometimes this error happens. You can't completely eliminate it, in fact you shouldn't! Please see this Stack Overflow thread for some strategies on how to more gracefully handle the exception.
Before you do anything that could impact your application's security, please learn more about `protect_from_forgery` and why it's important. Don't simply remove it because you're getting an error every now and then.
I see this error in Chrome and Opera. Not in Firefox. This error appears with all POSTs, except when logging in using ORCID.
To reproduce, log in using admin login.
ActionController::InvalidAuthenticityToken in Hyrax::DataPapersController#update
Stack trace