If I set the new rails default of action_controller.default_protect_from_forgery in Rails 5.2+, the server will not start due to an error in stripe-event's webhook_controller:
my_app/shared/bundle/ruby/2.7.0/gems/activesupport-5.2.5/lib/active_support/callbacks.rb:701:in `block (2 levels) in skip_callback': Before process_action callback :verify_authenticity_token has not been defined (ArgumentError)
...
gems/stripe_event-2.3.1/app/controllers/stripe_event/webhook_controller.rb:4:in `<class:WebhookController>'
May 08 11:58:26 gixtra-staging rbenv[854021]: from /home/deploy/gixtra-prod/shared/bundle/ruby/2.7.0/gems/stripe_event-2.3.1/app/controllers/stripe_event/webhook_controller.rb:2:in `<module:StripeEvent>'
May 08 11:58:26 gixtra-staging rbenv[854021]: from /home/deploy/gixtra-prod/shared/bundle/ruby/2.7.0/gems/stripe_event-2.3.1/app/controllers/stripe_event/webhook_controller.rb:1:in `<main>'
If I set this back to fale (or comment it out), everything works.
It seems the culprit is the call to skip :verify_authenticity_token in the webhook_controller, because that method doesn't seem to be defined by the default forgery protection anymore.
If I set the new rails default of
action_controller.default_protect_from_forgery
in Rails 5.2+, the server will not start due to an error in stripe-event'swebhook_controller
:My setting in
application.rb
wasRails.application.config.action_controller.default_protect_from_forgery = true
If I set this back to fale (or comment it out), everything works.
It seems the culprit is the call to skip
:verify_authenticity_token
in thewebhook_controller
, because that method doesn't seem to be defined by the default forgery protection anymore.