itmammoth / rails_sortable

Easy drag & drop sorting with persisting the arranged order for rails
MIT License

Can't verify CSRF token authenticity. #49

Closed antorkhan closed 4 years ago

antorkhan commented 4 years ago

Started POST "/sortable/reorder" for 127.0.0.1 at 2020-01-12 12:41:01 +0600
   (5.7ms)  SET NAMES utf8, @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'), @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
  ↳ /home/antor/.rbenv/versions/2.6.1/lib/ruby/gems/2.6.0/gems/activerecord-5.2.4/lib/active_record/log_subscriber.rb:98
Processing by SortableController#reorder as JSON
  Parameters: {"rails_sortable"=>[...], "sortable"=>{"rails_sortable"=>[...]}}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 37ms (ActiveRecord: 0.0ms)

itmammoth commented 4 years ago

Hi, @antorkhan. This is not a matter of this gem. See https://stackoverflow.com/questions/35181340/rails-cant-verify-csrf-token-authenticity-when-making-a-post-request

antorkhan commented 4 years ago

Thank you for the reply. However, I disabled CSRF token verification in my controller. Does the SortableController verify the CSRF token? 'Cause disabling verification at the ApplicationController seems to solve it.

itmammoth commented 4 years ago

It does not. SortableController extends your ApplicationController as you see. https://github.com/itmammoth/rails_sortable/blob/master/app/controllers/sortable_controller.rb#L1

antorkhan commented 4 years ago

My point too. I don't want to skip CSRF token verification at the application controller level, just on the sortable_controller. Any way to do that?

itmammoth commented 4 years ago

I can show you a workaround. Create config/initializers/rails_sortable.rb

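# Reopen the gem's controller on each code reload and change its forgery strategy.
Rails.configuration.to_prepare do
  SortableController.class_eval do
    # Unverified requests are handled with an empty session instead of raising.
    protect_from_forgery with: :null_session
  end
end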
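
The workaround above relaxes forgery protection for SortableController. An alternative that leaves verification on is to send the token with the reorder POST. The following is an added example, not part of the thread or of rails_sortable. It assumes the layout renders Rails' `csrf_meta_tags` and that the request is made with jQuery; the function names are hypothetical.

```javascript
// Added example (not from the thread or the rails_sortable gem).
// Assumption: the layout renders Rails' csrf_meta_tags, so the page contains
// <meta name="csrf-token" content="...">. Helper names here are hypothetical.

const UNSAFE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Read the token that Rails embedded in the page, or null when it is absent.
function csrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute("content") : null;
}

// True only when `url` resolves to the same origin as the current page.
function isSameOrigin(url, pageUrl) {
  try {
    return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparsable URL: treat as foreign and send no token
  }
}

// Return a copy of `headers` with X-CSRF-Token added when it is needed.
// The token is never attached to cross-origin requests, so it cannot leak.
function csrfHeaders(method, url, doc, pageUrl, headers = {}) {
  const out = { ...headers };
  const token = csrfToken(doc);
  if (token && UNSAFE_METHODS.has(method.toUpperCase()) && isSameOrigin(url, pageUrl)) {
    out["X-CSRF-Token"] = token;
  }
  return out;
}

// In a browser page that uses jQuery, wire it in once for every $.ajax call.
if (typeof window !== "undefined" && window.jQuery) {
  window.jQuery.ajaxPrefilter((options, _originalOptions, xhr) => {
    const extra = csrfHeaders(options.type || "GET", options.url, document, window.location.href);
    Object.entries(extra).forEach(([name, value]) => xhr.setRequestHeader(name, value));
  });
}
```

With the header present, Rails verifies the POST to `/sortable/reorder` under the application's normal `protect_from_forgery` setting, so no per-controller exception is needed.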