Rails 4 ActionController :: InvalidAuthenticityToken error when cookies are not accepted

Question

Rails 4 ActionController :: InvalidAuthenticityToken error when cookies are not accepted

Using protect_from_forgery in Rails 4 seems to always expect a cookie, otherwise ActionController::InvalidAuthenticityToken arises when using

 protect_from_forgery with: :exception

if the browser does not accept cookies.

Are there alternative ways to do CSRF when cookies are not accepted? At the moment, I am choosing to notify the user that cookies are required. Is this the right approach?

+5

ruby-on-rails cookies ruby-on-rails-4 csrf

mahatmanich Oct 08 '15 at 9:56

source share

No one has answered this question yet.

See related questions:

213

Why is it so often to put CSRF tokens in cookies?

3

Are cookies required for a Ruby on Rails application?

2

InvalidAuthenticityToken for disabled cookies on smartphones

2

Rails: How to provide the user with a notification page or custom errors to enable cookies.

2

ActionController :: InvalidAuthenticityToken in Devise :: SessionsController # destroy

1

Rails: validating and managing ActionController :: InvalidAuthenticityToken

0

CSRF error in production: ActionController :: InvalidCrossOriginRequest

0

CSRF protection when cookies are disabled

0

ActionController :: InvalidAuthenticityToken in Rails Engine

0

Rails cannot authenticate CSRF token with cookies disabled

Rails 4 ActionController :: InvalidAuthenticityToken error when cookies are not accepted

More articles: