InvalidAuthenticityToken

[matt1018]

Info on this is here: https://stackoverflow.com/questions/3364492/actioncontrollerinvalidauthenticitytoken

Below is the crash dump. This is happening on my ajax calls so I'm thinking the authenticitytoken is being cached on the HTTP GET call to the registration page (since it is a GET and not a POST/PATCH). I think I just post the form that is on the page so it makes sense that it would potentially be cached. There's a way not to cache it...I think it says in the above stackoverflow link.

An ActionController::InvalidAuthenticityToken occurred in registrations#step:

ActionController::InvalidAuthenticityToken

---

Request:

• URL : https://www.rbocolorwalk.org/registrations/step
• HTTP Method: POST
• IP address : 76.28.194.58
• Parameters : {"event_id"=>"17", "controller"=>"registrations", "action"=>"step"}
• Timestamp : 2021-07-15 02:38:29 UTC
• Server : 958d67c8-cbf8-43cb-a9f9-73d60739eb8c
  • Rails root : /app
• Process: 4

---

Session:

• session id: [FILTERED]
• data: {"session_id"=>"afa3786489c2dfb1eca61fda6d79875b", "_csrf_token"=>"oKc1lQL1vcvRqGi3tvG7xJLcU5dPtbrtFMB3OSxCLeE="}

---

Environment:

• CONTENT_LENGTH : 11
  • CONTENT_TYPE : application/x-www-form-urlencoded; charset=UTF-8
  • GATEWAY_INTERFACE : CGI/1.2
  • HTTP_ACCEPT : /
  • HTTP_ACCEPT_ENCODING : gzip, deflate, br
  • HTTP_ACCEPT_LANGUAGE : en-US,en;q=0.9
  • HTTP_CONNECTION : close
  • HTTP_CONNECT_TIME : 0
  • HTTP_COOKIE : _ga=GA1.2.420612892.1626314776; _gid=GA1.2.431950956.1626314776; _gat_gtag_UA_122329164_1=1
  • HTTP_HOST : www.rbocolorwalk.org
  • HTTP_ORIGIN : https://www.rbocolorwalk.org
  • HTTP_REFERER : https://www.rbocolorwalk.org/registrations/new?event_id=17
  • HTTP_SEC_FETCH_MODE : cors
  • HTTP_SEC_FETCH_SITE : same-origin
  • HTTP_TOTAL_ROUTE_TIME : 0
  • HTTP_USER_AGENT : Mozilla/5.0 (Linux; Android 9; SM-J737A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.04.2.5157
  • HTTP_VERSION : HTTP/1.1
  • HTTP_VIA : 1.1 vegur
  • HTTP_X_CSRF_TOKEN : 4wZEPJS9bJiAjPNXg08CD7OqkGe9zRA9YCYOnARG0/mxKL/G877JHhX77XEXrsyK/vABAtKoMZ03uhJ8Ew7K8g==
  • HTTP_X_FORWARDED_FOR : 76.28.194.58
  • HTTP_X_FORWARDED_PORT : 443
  • HTTP_X_FORWARDED_PROTO : https
  • HTTP_X_REQUESTED_WITH : XMLHttpRequest
  • HTTP_X_REQUEST_ID : 78d3adfa-9510-45e3-a5a8-3a757e9518a8
  • HTTP_X_REQUEST_START : 1626316709372
  • ORIGINAL_FULLPATH : /registrations/step
  • ORIGINAL_SCRIPT_NAME :
  • PATH_INFO : /registrations/step
  • QUERY_STRING :
  • REMOTE_ADDR : 10.1.95.188
  • REQUEST_METHOD : POST
  • REQUEST_PATH : /registrations/step
  • REQUEST_URI : /registrations/step
  • ROUTES_12240_SCRIPT_NAME :
  • SCRIPT_NAME :
  • SERVER_NAME : www.rbocolorwalk.org
  • SERVER_PORT : 443
  • SERVER_PROTOCOL : HTTP/1.1
  • SERVER_SOFTWARE : puma 3.12.6 Llamas in Pajamas
  • action_controller.instance : #
  • action_dispatch.authenticated_encrypted_cookie_salt : authenticated encrypted cookie
  • action_dispatch.backtrace_cleaner : #
  • action_dispatch.content_security_policy :
  • action_dispatch.content_security_policy_nonce_generator:
  • action_dispatch.content_security_policy_report_only : false
  • action_dispatch.cookies : #
  • action_dispatch.cookies_digest :
  • action_dispatch.cookies_rotations : #
  • action_dispatch.cookies_serializer : json
  • action_dispatch.encrypted_cookie_cipher :
  • action_dispatch.encrypted_cookie_salt : encrypted cookie
  • action_dispatch.encrypted_signed_cookie_salt : signed encrypted cookie
  • action_dispatch.http_auth_salt : http authentication
  • action_dispatch.key_generator : #
  • action_dispatch.logger : #
  • action_dispatch.parameter_filter : [:password]
  • action_dispatch.redirect_filter : []
  • action_dispatch.remote_ip : 76.28.194.58
  • action_dispatch.request.accepts : [#<Mime::Type:0x00007f11dcb03250 @synonyms=[], @symbol=nil, @string="/", @hash=220397080675350327>]
  • action_dispatch.request.content_type : application/x-www-form-urlencoded
  • action_dispatch.request.formats : [#<Mime::Type:0x00007f11dcb03250 @synonyms=[], @symbol=nil, @string="/", @hash=220397080675350327>]
  • action_dispatch.request.parameters : {"event_id"=>"17", "controller"=>"registrations", "action"=>"step"}
  • action_dispatch.request.path_parameters : {:controller=>"registrations", :action=>"step"}
  • action_dispatch.request.query_parameters : {}
  • action_dispatch.request.request_parameters : {"event_id"=>"17"}
  • action_dispatch.request.unsigned_session_cookie : {"session_id"=>"afa3786489c2dfb1eca61fda6d79875b"}
  • action_dispatch.request_id : 78d3adfa-9510-45e3-a5a8-3a757e9518a8
  • action_dispatch.routes : #
  • action_dispatch.secret_key_base : b8082f5f349ef65c227fa12c98afca79937ffdcec0278b43cd99fb99200755779c6b5be84c800a2779f5fa08c4118b1a281cbbaa1d9d4a10bae0c3d5af930bba
  • action_dispatch.secret_token :
  • action_dispatch.show_detailed_exceptions : false
  • action_dispatch.show_exceptions : true
  • action_dispatch.signed_cookie_digest :
  • action_dispatch.signed_cookie_salt : signed cookie
  • action_dispatch.use_authenticated_cookie_encryption : false
  • puma.config : #
  • puma.socket : #
  • rack.after_reply : []
  • rack.errors : #
  • rack.hijack : #
  • rack.hijack? : true
  • rack.input : #
  • rack.multiprocess : false
  • rack.multithread : true
  • rack.request.cookie_hash : {"_ga"=>"GA1.2.420612892.1626314776", "_gid"=>"GA1.2.431950956.1626314776", "_gat_gtag_UA_122329164_1"=>"1"}
  • rack.request.cookie_string : _ga=GA1.2.420612892.1626314776; _gid=GA1.2.431950956.1626314776; _gat_gtag_UA_122329164_1=1
  • rack.request.form_hash : {"event_id"=>"17"}
  • rack.request.form_input : #
  • rack.request.form_vars : [FILTERED]
  • rack.request.query_hash : {}
  • rack.request.query_string :
  • rack.run_once : false
  • rack.session : #
  • rack.session.options : #
  • rack.tempfiles : []
  • rack.url_scheme : http
  • rack.version : [1, 3]

[matt1018]

I made a post on StackOverflow about the best way of handling these and got a link to good information. Do that.