ActionController::InvalidAuthenticityToken in ActiveAdmin::Devise::SessionsController#create
I'm using Ruby on Rails 5 Api app with modification to enable Active Admin. Everything was fine until now. I don't remember doing any changes in the app, but now, if I delete cookies and etc on the browser, I can't login to the active admin app and this error is what I get:
I tried to add in application controller both
protect_from_forgery :with => :exception
and
protect_from_forgery :with => :null_session
but none have worked. This is my application controller:
class ApplicationController < ActionController::Base
# protect_from_forgery :with => :exception
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
attributes = [:name]
devise_parameter_sanitizer.permit(:sign_up, keys: attributes)
end
endI don't know what causing it and how to solve it. Thanks beforehand.
Solution
Now it's working. After I restart my computer and added the line:
protect_from_forgery prepend: true, with: :exception
instead in the application controller, it worked.
- How to authenticate Google APIs (Google Drive API) from Google Compute Engine and locally without downloading Service Account credentials?
- Access GitLab repo with project access token
- How to ensure receiving an SMS verification code from Telegram using Telethon?
- How Do I Use KeyCloak in Flutter
- How to login with AWS CLI using credentials profiles
- How do I use the usethis package when I have already developed an R package on GitHub?
- How to update github token on linux?
- Add custom JwtBearerHandler to "AddMicrosoftIdentityWebApi" in .net7
- How to make a simple authentication in Google Forms using Google apps script?
- How handle refresh token and access token for auth system
- How to connect snowsql from PC (Windows 10)
- I am trying to create a stored procedure to check passwords of logins
- Restful API call using IOS with authentication
- Get serverAuthCode using Credential Manager
- Why can't Google Drive be mounted anymore and shows a browser popup instead of a link for authorization?
- How to store httpOnly cookie after redirect from custom SSO?
- Where to store the refresh token on the Client?
- Tiktok client key
- JWT Token returns NULL .NET API Login
- Update Next.js to React 18 breaks my API calls using next-auth
- What is the maximum length of a SID in SDDL format
- Can I use wildcards in the web.config location path attribute?
- Minimal API or AccountController for Login with ASP.NET Core Identity?
- Next.js with Clerk Auth - how to detect if a user just signed up?
- Is it okay to check user claims in AuthorizationHandler only if a route parameter requires users to be authorized?
- Conflicting Basic & Bearer Authorization between nginx and my webapp
- How does cookie-based authentication work?
- How to redirect to same page after login in opencart 3.0.2.0?
- Why does Django use is_staff and is_superuser instead of making those a permission?
- How can i prevent from Login component render when Firebase Authentication hasn't yet determined