Rails POST Request Invalid Token Authority
I have built a POST request route as:
match '/getActivatedFriends',
to: 'requests#getActivatedFriends', via: 'post',
constraints: { friends_phone_number_csv: /([0-9]+,?)+/ }
with action:
def getActivatedFriends
@results = BusinessUser.find_by_sql("SELECT
a.id
, a.username
, a.phoneNumber
FROM users a
WHERE phoneNumber in ('+params[:friends_phone_number_csv]+') and
removed = 0 and
is_user = 1;")
respond_to do |format|
format.html
format.json { render json: { friends_match: @results }}
end
end
That should return a JSON object of the users that match. I have tested with POSTMAN as:
But what returns is the error noting invalid authenticity token
How can I reconfigure to make this POST route work?
Solution
By default Rails uses CSRF protection in controller. It is add to your form hidden_field with authenticity token. But in your case you do not use form
you can disable CSRF protection on controller by skipping the verification before_action.
Add to top of your requests controller:
skip_before_filter :verify_authenticity_token
or in Rails 4 and 5(it is the same command):
skip_before_action :verify_authenticity_token
- Ruby on Rails / PostgreSQL - Library not loaded error when starting server
- In the `maintenance_tasks` gem, how do we set `limit`?
- How to use active_storage blob with image_processing without temporary files on disk?
- Graphql mutation error: "Field 'createUser' is missing required arguments: input"
- cancancan authorize_resource not working as expected
- How do I dynamically add my Ngrok tunnel to config.hosts in Rails 6?
- Failed doing npm install showing error "Undefined variable standalone_static_library in binding.gyp" and node-sass chokidar error
- Ruby on Rails App crashing After deployment to Heroku
- Rails STI through model using polymorphic - populates source_type from parent class
- Rails 7.2.2 - Invalid input value for enum using positional arguments
- 1 error prohibited this user from being saved: Confirmation token is invalid
- Would it be possible to have multiple database connection pools in rails to switch between?
- How do I rearrange order of comments?
- mysql2 gem compiled for wrong mysql client library
- Sending APN notifications to two different apps from same API
- Validate an Email with a Regex expression in Rails
- How do you display a HTML in view on Ruby on Rails?
- Rails Async Active Job doesn't execute code, while inline does
- Running a rails RJS template from a jquery get request
- Rails 5: STI With Has Many Through Association
- In RSpec, how to mock a method so that it returns its argument
- Rate-limiting for rails controllers
- rails i18n - How to handle case of a nil date being passed ie l(nil)
- ruby (rails) Net::HTTPResponse undefined method closed?
- How to change default timezone for Active Record in Rails?
- Net::SMTPAuthenticationError when sending email from Rails app (on staging environment)
- How do I upgrade Rails?
- What does f.object do in the Rails form builder?
- Package MagickCore was not found in the pkg-config search path
- How to calculate the current week in the month in Ruby