devise: InvalidAuthenticityToken

Environment

  • Ruby [2.6.1]
  • Rails [6.0.3.2]
  • Devise [4.7.1]

Current behavior

ActionController::InvalidAuthenticityToken","exception_backtrace":["/home/ubuntu/.rvm/gems/ruby-2.6.1/gems/actionpack-6.0.3.2/lib/action_controller/metal/request_forgery_protection.rb:215:in `handle_unverified_request'","/home/ubuntu/.rvm/gems/ruby-2.6.1/gems/actionpack-6.0.3.2/lib/action_controller/metal/request_forgery_protection.rb:247:in `handle_unverified_request'","/home/ubuntu/.rvm/gems/ruby-2.6.1/gems/devise-4.7.1/lib/devise/controllers/helpers.rb:255:in `handle_unverified_request'","/home/ubuntu/.rvm/gems/ruby-2.6.1/gems/actionpack-6.0.3.2/lib/action_controller/metal/request_forgery_protection.rb:242:in

When trying to upgrade rails gem, it returns ActionController::InvalidAuthenticityToken It works fine with : rails (6.0.2.2)

Expected behavior

Devise and the latest version of rails should work fine.

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Reactions: 8
  • Comments: 20 (1 by maintainers)

Most upvoted comments

ERROR INVALID AUTHENTICITY TOKEN RAILS

Insert the Line bellow inside the file Application.rb: config.action_controller.allow_forgery_protection = false

+15
Lucas-Ferreira on Jun 23, 2022

Ran into a similar issue today after moving my project from my desktop to my laptop. Similar versions to what you’ve mentioned above. Except mine are:

Ruby [2.7.1] Rails [6.0.3.2] Devise [4.7.2]

I tried downgrading gems, reinstall ruby, hackish techniques I’m not proud of, anything I could think of…

Eventually ran into “ActionController::InvalidAuthenticityToken Error since re cloned git repo

After running the following task, the problem was solved!

rails dev:cache

Didn’t even think of looking into the tmp/caching-dev.txt file.

Hopefully, that’ll help ya!

+6
jr180180 on Sep 6, 2020

Is there any clarity as to why rails dev:cache is affecting this?

If you run into this while using Stimulus Reflex please bear in mind that if as instructed by Stimulus Reflex you set

config.cache_store = :redis_cache_store

and you set

config.session_store :cache_store

Redis server must be up otherwise you will get invalidAuthenticityToken error.

+4
adnanpirota on Mar 12, 2021

I’ve started having this issue after adding config.session_store :cache_store in development.rb.

Check if you have that, and try commenting it out. I’m not sure how the two are related.

+2
mtomov on Nov 6, 2020

Thanks all for digging into this one some more. Given most of us seem to agree this is not a Devise specific issue, I’m going ahead and closing it here.

If anyone is able to confirm it’s Devise related and can provide a reproduction script/test app, I’ll be happy to do some investigation.

+2
carlosantoniodasilva on Sep 9, 2020

Just in case this solved it for my app. Using latest versions of devise, active admin and rails: Gemfile gem 'rack',"2.2.2" Terminal $ bundle update

+1
interpegasus on Mar 31, 2021

So, after looking into it more, this is probably not a Devise issue, but something related to the application’s SSL config.

Thanks for the update. This is interesting as I’m seeing this in development mode locally, which isn’t running SSL. But I’m inclined to agree it’s a Rails or Rack issue rather than with Devise.

+1
lylo on Sep 8, 2020

Are you using Rack 2.2.3 by any chance? I have seen a similar issue which can be addressed by downgrading to Rack 2.2.2. I’m not (yet) sure why exactly.

+1
lylo on Aug 4, 2020
Read more comments on GitHub
← devise: Initial confirmation email not being sent
devise: NoMethodError (undefined method `[]' for nil:NilClass): →