clearance: Undefined method protect_from_forgery for Clearance::SessionsController:Class
Only now that I’m trying to push to Heroku am I seeing errors about protect_from_forgery being undefined, namely: /app/vendor/bundle/ruby/2.1.0/gems/clearance-1.3.0/app/controllers/clearance/sessions_controller.rb:3:in': undefined method protect_from_forgery' for Clearance::SessionsController:Class (NoMethodError)
I’ve tried overriding with both skip_before_filter :verify_authenticity_token and protect_from_forgery, with: :null_session by subclassing Clearance::SessionsController.
Now I’m out of ideas.
About this issue
- Original URL
- State: closed
- Created 10 years ago
- Reactions: 2
- Comments: 17 (4 by maintainers)
protect_from_forgeryis a class method included inActionController::RequestForgeryProtectionIf you want to keepActionController::APIthen add just afterclass ApplicationController > ActionController::API:include ActionController::RequestForgeryProtectionAlso, this will allow you to set CSRF token with methodform_authenticity_token.Hope this helps!
To be honest, I’m not sure why Clearance has
protect_from_forgeryinSessionsControllerrather than relying on whatever the user has (or has not) setup inApplicationController. I’m further puzzled as to why it’d be skipped in theSessionsController#createaction. I’ll have to dig through git to see if there’s an explanation.For the time being, you could keep
ApplicationController::APIand either:protect_from_forgerymethod and include that in yourApplicationController.protect_from_forgeryas a no-op on yourApplicationController.I was inheriting my
ApplicationControllerfromActionController::API; changing toActionController::Basefixes this issue, but is not ideal behavior.Any thoughts?