ActionController::InvalidAuthenticityToken in ActiveAdmin::Devise::SessionsController#create
I'm using Ruby on Rails 5 Api app with modification to enable Active Admin. Everything was fine until now. I don't remember doing any changes in the app, but now, if I delete cookies and etc on the browser, I can't login to the active admin app and this error is what I get:
I tried to add in application controller both
protect_from_forgery :with => :exception
and
protect_from_forgery :with => :null_session
but none have worked. This is my application controller:
class ApplicationController < ActionController::Base
# protect_from_forgery :with => :exception
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
attributes = [:name]
devise_parameter_sanitizer.permit(:sign_up, keys: attributes)
end
endI don't know what causing it and how to solve it. Thanks beforehand.
Solution
Now it's working. After I restart my computer and added the line:
protect_from_forgery prepend: true, with: :exception
instead in the application controller, it worked.
- Azure AD Authentication 401 error "the audience is invalid" AddAzureADBearer .Net Core Web Api
- Microsoft Authentication through JMeter in Web Application while login
- how to avoid login without verified email asp.net mvc
- Unable to login due to Foreign key constraint between two tables
- Symfony losing auth session between login and redirect
- LexikJWTAuthenticationBundle - How to grant different access to different path's?
- Why can't Google Drive be mounted anymore and shows a browser popup instead of a link for authorization?
- How do I authenticate user in functional test on Symfony 4?
- WebAuthn: Can't create public key. Promise is rejected
- clerk Authentication afterSignOutUrl property not known typescript error in React
- Laravel: Auth::user()->id trying to get a property of a non-object
- Laravel - API login authentication check
- Unable to load files using pickle and multiple modules
- Laravel - Login with username, email or phone
- Link to give access to non-registered users in Flask
- Where to store JWT in browser? How to protect against CSRF?
- Password mismatch issue with bcryptjs in Angular, NodeJS, and MySQL
- nodejs - error self signed certificate in certificate chain
- role_required decorator for FastAPI route
- How I can update session in server side
- Are security concerns sending a password using a GET request over https valid?
- Wordpress login refresh issue, have tried everything but it doesn't want to load
- NestJS + NextJS for Authentication. New Architecture?
- Base64 Authentication Python
- How to connect to an ActiveMQ server by setting the username and password programmatically?
- Accessing Cookie client-side with Next JS
- How does browser know when to prompt user to save password?
- How to identify a Google OAuth2 user?
- CookieAuthenticationProvider Token expires when a user is filling out a large form - need to refresh token somehow on user page activity
- Clerk 404 when signing out from a protected page (Next.js)