rails / request.js

MIT License

Can't verify CSRF token authenticity when make a post request with body #44

Closed brunoprietog closed 2 years ago

brunoprietog commented 2 years ago

Hi,

I have been using this library and so far I had only done GET requests. I just made a POST and Rails can't verify CSRF token authenticity when passing parameters in the body. If I put the parameters as a query it works. What could it be? I'm using the same code examples that are in the README and it still doesn't work. I am using Rails 7 and importmap.

In addition, in the Rails log I see that parameters that I have not set are injected. Specifically, it enters all parameters automatically inside availability (it is the name of my controller) in addition to those already outside.

      const request = new FetchRequest("post", "set_interval", {
        body: {
          day: this.dayValue,
          start_time: this.startTimeFieldTarget.value,
          end_time: this.endTimeFieldTarget.value
        }
      })
      const response = await request.perform()

In Rails:

      Processing by AvailabilityController#set_interval as HTML
        Parameters: {"day"=>"mon", "start_time"=>"09:00", "end_time"=>"17:00", "id"=>"bruno-prieto", "availability"=>{"day"=>"mon", "start_time"=>"09:00", "end_time"=>"17:00"}}
      Can't verify CSRF token authenticity.
      Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms | Allocations: 740)

This is getting very frustrating and I'm getting stuck in development, I would appreciate any help, although I definitely suspect it's an issue.

Thanks!

marcelolx commented 2 years ago

Can you provide an example project in which we can simulate the issue?

brunoprietog commented 2 years ago

Yes, here it is. I noticed that apparently the problem is caused by the rodauth-rails gem, but I don't understand why this error only occurs when using request.js. I'll open an issue there as well in case they can fix it.

After creating the database and performing the migration, try to create an account. When redirecting to the main page or every time it is opened, it automatically makes a request to my_endpoint which should be successful, but that is where the error occurs.

I would appreciate any help.

Thanks!

marcelolx commented 2 years ago

Very appreciated @brunoprietog, I'll take a look in the next few days and come back with something (I don't have time this weekend, probably Monday)