ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken #748

Open
aaronskiba opened this issue May 10, 2024 · 2 comments

View details in Rollbar: https://app.rollbar.com/a/ualbertalib/fix/item/dmp_assistant/446


ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/request_forgery_protection.rb", line 211, in handle_unverified_request
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/request_forgery_protection.rb", line 243, in handle_unverified_request
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/devise-4.9.3/lib/devise/controllers/helpers.rb", line 255, in handle_unverified_request
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/request_forgery_protection.rb", line 238, in verify_authenticity_token
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb", line 427, in block in make_lambda
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb", line 198, in block (2 levels) in halting
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/abstract_controller/callbacks.rb", line 34, in block (2 levels) in <module:Callbacks>
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb", line 199, in block in halting
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb", line 512, in block in invoke_before
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb", line 512, in each
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb", line 512, in invoke_before
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb", line 115, in block in run_callbacks
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actiontext-6.1.7.6/lib/action_text/rendering.rb", line 20, in with_renderer
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actiontext-6.1.7.6/lib/action_text/engine.rb", line 59, in block (4 levels) in <class:Engine>
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb", line 126, in instance_exec
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb", line 126, in block in run_callbacks
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/callbacks.rb", line 137, in run_callbacks
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/abstract_controller/callbacks.rb", line 41, in process_action
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/rescue.rb", line 22, in process_action
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/instrumentation.rb", line 34, in block in process_action
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/notifications.rb", line 203, in block in instrument
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/notifications/instrumenter.rb", line 24, in instrument
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activesupport-6.1.7.6/lib/active_support/notifications.rb", line 203, in instrument
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/instrumentation.rb", line 33, in process_action
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_controller/metal/params_wrapper.rb", line 249, in process_action
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/activerecord-6.1.7.6/lib/active_record/railties/controller_runtime.rb", line 27, in process_action
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/abstract_controller/base.rb", line 165, in process
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionview-6.1.7.6/lib/action_view/rendering.rb", line 39, in process
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_controller/metal.rb", line 190, in dispatch
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_controller/metal.rb", line 254, in dispatch
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/route_set.rb", line 50, in dispatch
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/route_set.rb", line 33, in serve
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/mapper.rb", line 19, in block in <class:Constraints>
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/mapper.rb", line 49, in serve
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_dispatch/journey/router.rb", line 50, in block in serve
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_dispatch/journey/router.rb", line 32, in each
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_dispatch/journey/router.rb", line 32, in serve
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_dispatch/routing/route_set.rb", line 842, in call
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb", line 202, in call!
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb", line 169, in call
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb", line 202, in call!
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb", line 169, in call
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/dragonfly-1.4.0/lib/dragonfly/middleware.rb", line 14, in call
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/warden-1.2.9/lib/warden/manager.rb", line 36, in block in call
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/warden-1.2.9/lib/warden/manager.rb", line 34, in catch
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/warden-1.2.9/lib/warden/manager.rb", line 34, in call
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/rack-2.2.9/lib/rack/tempfile_reaper.rb", line 15, in call
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/rack-2.2.9/lib/rack/etag.rb", line 27, in call
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/rack-2.2.9/lib/rack/conditional_get.rb", line 40, in call
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/rack-2.2.9/lib/rack/head.rb", line 12, in call
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/gems/actionpack-6.1.7.6/lib/action_dispatch/http/permissions_policy.rb", line 22, in call
  File "/var/www/sites/dmp/vendor/ruby/2.7.0/g

aaronskiba commented May 10, 2024

I can force this error by manually altering the value of _dmp_roadmap_session within the browser inspector.

Screenshot from 2024-05-10 14-02-17

The code is configured to throw an exception:

# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
end

Here I am setting the cookie to expire after 5 seconds:

# config/initializers/session_store.rb
Rails.application.config.session_store :cookie_store, key: "_dmp_roadmap_session", expire_after: 5.seconds,
                                                      same_site: :lax

If I navigate to the sign-in page and wait more than 5 seconds before signing in, the same error is encountered.

However, if the cookie expires while I'm already signed in, the following behaviour is encountered:

Screenshot from 2024-05-10 14-10-15

One additional detail; the cookie expiry is set to Session.
Screenshot from 2024-05-10 16-01-32
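
Added example (not part of the issue or of the project's code): a simplified Ruby model of why both reproductions in the comment above, an altered session cookie and a cookie older than `expire_after`, end in the same exception. Assumptions: an HMAC-signed cookie with an embedded expiry stands in for the Rails cookie store, the token is compared unmasked, and every method and constant name here is hypothetical.

```ruby
require "openssl"
require "json"
require "securerandom"

# Simplified model, not Rails source: an HMAC-signed cookie stands in for the
# Rails cookie store, and the CSRF token is compared unmasked.
class InvalidAuthenticityToken < StandardError; end
SECRET = "constructed-demo-secret" # stand-in for secret_key_base
TTL = 5                            # seconds, mirrors expire_after: 5.seconds

def sign(data)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
end

def secure_eq(a, b) # constant-time comparison
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Cookie value: base64(JSON session with expiry) + "--" + HMAC.
def write_cookie(session, now)
  data = [JSON.generate(session.merge("exp" => now + TTL))].pack("m0")
  "#{data}--#{sign(data)}"
end

# A missing, altered or expired cookie yields an empty session.
def read_cookie(cookie, now)
  data, mac = cookie.to_s.split("--", 2)
  return {} unless data && mac && secure_eq(mac, sign(data))
  session = JSON.parse(data.unpack1("m0"))
  session["exp"] > now ? session : {}
end

# GET: the token is stored in the session cookie and echoed into the form.
def render_form(now)
  token = SecureRandom.base64(32)
  [write_cookie({ "_csrf_token" => token }, now), token]
end

# POST: outline of the check behind protect_from_forgery with: :exception.
def submit_form(cookie, form_token, now)
  expected = read_cookie(cookie, now)["_csrf_token"]
  raise InvalidAuthenticityToken unless expected && secure_eq(expected, form_token)
  :ok
end

def outcome(cookie, form_token, now)
  submit_form(cookie, form_token, now)
rescue InvalidAuthenticityToken
  :invalid_authenticity_token
end
```

In every failing case the form still carries the token issued at render time, but the server no longer has a session to compare it against.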


lagoan commented May 27, 2024

Will look at this further at a later time
