ChristofferJoergensen ChristofferJoergensen - 5 months ago 18
Ajax Question

POST request done with Authenticity Token, but exception still rased

My controller is responding to a js GET request, and in my

js.erb
file I am reporting back with the
Fingerprint2
generated browser data of the users browser. This is done with a POST request, because of the large data string, so I have inserted a
beforeSend
method that adds the Authenticity Token.

However, this is rejected with
ActionController::InvalidAuthenticityToken - ActionController::InvalidAuthenticityToken
. When I check, the header looks like it does in the GET requests that succeed:

X-CSRF-Token:hl/TgkY7k0yBG03KX9IBrsDhk2K4tUUh8JTooT7A0yYZ0l53p8lTt0F3dZvRwyS3bIkbbkuTdElP2KisozjXjw==


The js code looks like this:

(new Fingerprint2).get(function(fingerprint, components) {
return $.ajax({
url: "/user_browser",
type: "post",
beforeSend: function(xhr) {
xhr.setRequestHeader('X-CSRF-Token',
$('meta[name="csrf-token"]').attr('content'))
},
data: {
some_id: '123',
components: JSON.stringify(components),
fingerprint: fingerprint
},
dataType: "json"
}).success(function(data) {});
});

Answer

I found the root of the problem. Some days ago I changed my config/session_store.rb from:

MyApp::Application.config.session_store :cookie_store, key: '_my-app_session'

to:

MyApp::Application.config.session_store :disabled

When I changed this back the problem disappeared.

Comments