Closed killernova closed 7 years ago
Thanks for this idea. I think a better solution is simply to exclude both controller actions from the CSRF verification completely. I've built and published a new version of the gem (0.9.5) which does this. Please give it a try and let me know if you experience further problems.
The latest version helps this problem, thanks.
The reason of 'CSRF token invalid' is because all the session is removed, but the csrf-toekn session really should not be included in those clear groups. So just copy the original session[:_csrf_token] and assign back after reset session would help to solve the problem. In this way, user do not have to modify any code.