ActionController::InvalidAuthenticityToken Errors

[garethrees]

Some stats on the ActionController::InvalidAuthenticityToken errors we're getting through.

location,last_occurrence,total_occurrences
request#new,2018-01-25,111
comment#new,2017-12-16,18
password_changes#create,2017-12-07,11
request#describe_state,2018-01-19,10
followups#preview,2018-01-21,6
account_request#create,2017-11-14,4
general#not_found,2017-12-14,1

When we investigate these, we should probably create a ticket for each so that notes are collected next to the exception report.

[garethrees]

Looks like there's a recent-ish issue of this being a problem with mobile safari https://blog.alex-miller.co/rails/2017/01/07/rails-authenticity-token-and-mobile-safari.html

[garethrees]

I've just experienced some weirdness that may account for this.

• I'm signed in in a tab
• In a new tab, I click a WDTK URL from Twitter
• I land on WDTK, not signed in.
• I click "sign in" as I want to go to the admin page of the URL
• I get immediately redirected back, signed in, without having to enter password

In this case, if I'd submitted a form I don't think it would contain an auth token, but because I'm actually signed in we'd check it, and it would fail because its blank.