better_errors: Invalid CSRF Token error in Better Errors console

I’m running Rails 6.0.3.3. I’m using TurboLinks 5.2.0, StimulusJS 1.1.1, and rails-ujs 6.0.3 via Webpacker 5.2.1, and not directly using Sprockets (except for ActiveAdmin). Browser is Safari 13.1.2 on macOS 10.15.6.

My layout includes output of csrf_meta_tags in the <head> section, and my form includes the authenticity_token hidden field.

When I attempt to trigger BetterErrors in a controller action (update), it comes up enough that I see a stack frame, but I don’t see the source view / REPL / request info / locals / instance vars on the right. I only see an error about “Invalid CSRF Token”. The /__better_errors endpoint is available and it works fine, however.

The problem does not occur with BetterErrors 2.7.1.

I’m not sure if I’ve got something subtly wrong, or if there’s a bug (possibly related to TurboLinks, or the use of Webpacker).

What information can I provide to help diagnose this issue?

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 4
  • Comments: 21 (4 by maintainers)

Most upvoted comments

2.8.2 should fix this issue. Please let me know here if you still see this issue!

This happens for me with 2.8.1 as well: https://take.ms/CCXc8 https://take.ms/BpipT

On rubygems, the current version is always at 2.8.1 😉

In my case the cookie Path is getting set to the path where the error happens, which means the cookie doesn’t get sent with the /__better_errors… request. Can be fixed by adding path: "/" at lib/better_errors/middleware.rb:116.

        response.set_cookie(CSRF_TOKEN_COOKIE_NAME, value: csrf_token, httponly: true, path: "/", same_site: :strict)

I would make a PR but I don’t know if this is 100% the right thing to do. I don’t know much about Rack and I took a quick look but it wasn’t super obvious.

Thank you @chuckd that’s exactly the issue! I was hoping someone would provide a reproducible case, but you identified the issue on the nose. I’ve got a fix in the works!
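The cookie Path behaviour described in the comment above, as an added example that is not part of the original thread or of better_errors itself: it implements the RFC 6265 section 5.1.4 default-path and path-match rules a browser applies, and shows why a cookie set without `Path` on a nested route is not sent to the console endpoint. The request paths and the helper names are constructed for illustration.

```ruby
# RFC 6265 section 5.1.4 cookie path rules, as a user agent applies them.
# Added illustration; all paths below are constructed sample values.

# Path the browser assigns when Set-Cookie carries no usable Path attribute:
# the request path up to, but not including, its right-most "/".
def default_cookie_path(request_path)
  return "/" if request_path.nil? || !request_path.start_with?("/")
  return "/" if request_path.count("/") <= 1
  request_path[0...request_path.rindex("/")]
end

# True when a cookie stored with cookie_path is attached to request_path.
def path_match?(cookie_path, request_path)
  return true if cookie_path == request_path
  return false unless request_path.start_with?(cookie_path)
  # A prefix only counts on a "/" boundary: "/users" must not match "/usersfoo".
  cookie_path.end_with?("/") || request_path[cookie_path.length] == "/"
end

# set_on:     path of the response that carried Set-Cookie
# path_attr:  value of the Path attribute, or nil when it was omitted
# request_to: path of the follow-up request
def cookie_sent?(set_on:, path_attr:, request_to:)
  usable = path_attr && path_attr.start_with?("/")
  cookie_path = usable ? path_attr : default_cookie_path(set_on)
  path_match?(cookie_path, request_to)
end

# Constructed placeholder for a console request under /__better_errors.
CONSOLE_REQUEST = "/__better_errors/EXAMPLE/variables"

if __FILE__ == $0
  [["/users/1", nil], ["/users", nil], ["/users/1", "/"]].each do |set_on, attr|
    sent = cookie_sent?(set_on: set_on, path_attr: attr, request_to: CONSOLE_REQUEST)
    puts format("error at %-9s Path=%-4s -> CSRF cookie sent: %s",
                set_on, attr.inspect, sent)
  end
end
```

An error raised on a single-segment route gets the default path `/`, so the cookie is sent and the console works; the failure only appears on nested routes such as an `update` action.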