Closed xdougx closed 8 years ago
Please use the mailing list or StackOverflow for questions/help, where a wider community will be able to help you. We reserve the issues tracker for issues only.
After diving into the Rails code I've found something strange @rafaelfranca
Using authenticity_token and csrf_meta_tags, I started to see what this validation is, and I found this:
S4ZPE9yTx2fETg+2iWGU/txzfVT6HWU6auq5g4U9HDdhExU/ZjOmSx6MxVYdLwcbpoJLPkrvqyqn1KrHoHw8hw==
K?Oܓ?g?N??a???s}T?e:j깃?=7a?f3?K??V/?K>J?*?ԪǠ|<?
64
32
My authenticity_token has length 64 and the AUTHENTICITY_TOKEN_LENGTH is 32.
What do I need to do to solve it? I'm on Rails 4.2.4.
It is expected. What I could see is that your form has two authenticity_token; maybe that is the reason for the failure.
It is expected because we mask the token in HTML so we avoid the BREACH attack, but the real token size is 32 characters. Rails is also backward compatible, so unmasked tokens are also accepted.
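The masking described in the reply above, as an added Ruby sketch (not code from this thread and not Rails' own source): a 64-byte form value is a fresh 32-byte one-time pad followed by the pad XORed with the 32-byte real token held in the session. The helper names and the plain Hash standing in for the session are assumptions made for the example.

```ruby
require "base64"
require "securerandom"

AUTHENTICITY_TOKEN_LENGTH = 32 # constant name as quoted in the thread

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Real token lives in the session and is created on first use.
# The session is modelled as a plain Hash (assumption for this sketch).
def real_csrf_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(AUTHENTICITY_TOKEN_LENGTH)
  Base64.strict_decode64(session[:_csrf_token])
end

# Value rendered into the form: one-time pad + (pad XOR real token) = 64 bytes,
# so the Base64 text differs on every response even though the secret does not.
def masked_token(session)
  pad = SecureRandom.random_bytes(AUTHENTICITY_TOKEN_LENGTH)
  Base64.strict_encode64(pad + xor_bytes(pad, real_csrf_token(session)))
end

# Comparison that does not exit early on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns :masked, :unmasked, or false.
def check_token(submitted, session)
  raw = begin
    Base64.strict_decode64(submitted.to_s)
  rescue ArgumentError
    return false # not valid Base64
  end
  real = real_csrf_token(session)
  case raw.bytesize
  when AUTHENTICITY_TOKEN_LENGTH # legacy unmasked token
    secure_compare(raw, real) && :unmasked
  when AUTHENTICITY_TOKEN_LENGTH * 2 # masked token: undo the pad first
    pad = raw.byteslice(0, AUTHENTICITY_TOKEN_LENGTH)
    enc = raw.byteslice(AUTHENTICITY_TOKEN_LENGTH, AUTHENTICITY_TOKEN_LENGTH)
    secure_compare(xor_bytes(pad, enc), real) && :masked
  else
    false
  end
end
```

A token checked against a session that does not already hold the matching `_csrf_token` fails regardless of its length, because the comparison is always against the session's own value.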
I already removed the second one before sending this message; I was testing the manual tag, that's why that HTML has 2 tokens. Back to the code: the first check in the method valid_authenticity_token is the size, but is there any way to change this token? Or to see why this token was created with length 64?
No, wait, the session is just a {}, it will never pass the validation.
I'm getting
I have this form
The debug shows it in params
and it in Toggle session dump
I'm stuck on it, have no idea what's going on. Can someone help?