Question
DigitalOcean 1-Click Rails App - InvalidAuthenticityToken
[2018-08-01T00:08:14.616530 #13285] INFO – : Started POST “/login” for 108.3.168.115 at 2018-08-01 00:08:14 +0000
I, [2018-08-01T00:08:14.628178 #13285] INFO – : Processing by SessionController#create as HTML
I, [2018-08-01T00:08:14.629969 #13285] INFO – : Parameters: {“utf8”=>“✓”, “authenticity_token”=>“9d2SwyolmTOHHo21SYVb7R8cGuTG8lCDpN5A/vrs1jr1IHv12yadJ+0YqH6gI4U5JQCZghF3vG0VQnhIdS7htQ==”, “session”=>{“email”=>“”, “password”=>“[FILTERED]”}, “commit”=>“Log in”}
W, [2018-08-01T00:08:14.638901 #13285] WARN – : Can’t verify CSRF token authenticity.
I, [2018-08-01T00:08:14.639597 #13285] INFO – : Completed 422 Unprocessable Entity in 9ms (ActiveRecord: 0.0ms)
F, [2018-08-01T00:08:14.642361 #13285] FATAL – :
F, [2018-08-01T00:08:14.642791 #13285] FATAL – : ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
This webpage works fine on my development box, which doesn’t use Nginx or Unicorn. At first I assumed that maybe I’d forgotten to populate the SECRETKEYBASE and that was causing issues, but it seems that the 1-click Rails App does in fact populate the ENV variable for SECRETKEYBASE, so I guess that isn’t the problem.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.