Previously I used a gem which provided a controller for accepting external services to POST some data into our app. However, in Rails 5.2 it stopped working. When the endpoint is triggered, it raises an ActionController::InvalidAuthenticityToken error.
For Rails before 5.2, the generated ApplicationController will call protect_from_forgery, meaning POST, PUT, DELETE actions are checked for authenticity.
New Rails 5.2 projects will by default check authenticity token for any subclass of ActionController::Base instead, which affects many existing Gems.
You can wait for the gem updates for compatibility with 5.2.
Alternatively, you can probably monkey patch these controllers in the initializer:
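require 'foo_controller'
# Reopen the gem's controller and skip the CSRF check for it.
# raise: false avoids an error if the callback was never defined.
class FooController < ActionController::Base
  skip_before_action :verify_authenticity_token, raise: false
end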
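Once verify_authenticity_token is skipped, the endpoint accepts any POST, so a controller that receives data from an external service usually authenticates the request another way. The sketch below is an added example, not code from the answers or from any gem: it checks an HMAC-SHA256 signature over the raw body, and the module name, the shared secret, the X-Signature header and its "sha256=<hex>" format are all assumptions.

```ruby
require 'openssl'

# Hypothetical helper for a webhook controller whose CSRF check is skipped.
# Secret handling, header name and "sha256=<hex>" format are assumptions.
module WebhookSignature
  PREFIX = 'sha256='.freeze

  # Signature the sender is expected to attach: hex HMAC-SHA256 of the raw body.
  def self.sign(secret, raw_body)
    PREFIX + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, raw_body)
  end

  # Constant-time comparison, so the check does not reveal how many
  # leading characters of a guessed signature were correct.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # True only when the header carries a valid signature for this exact body.
  def self.valid?(secret, raw_body, header)
    return false if secret.to_s.empty? || header.nil?
    secure_compare(sign(secret, raw_body), header.to_s)
  end
end

# How it would sit in the controller (Rails code, shown as a comment only;
# `secret` stands for wherever the app stores the shared secret):
#   skip_before_action :verify_authenticity_token, raise: false
#   before_action do
#     sig = request.headers['X-Signature']
#     head :unauthorized unless WebhookSignature.valid?(secret, request.raw_post, sig)
#   end

# Constructed sample data, not taken from any real service.
SECRET = 'constructed-test-secret'
BODY   = '{"event":"payment.succeeded","id":42}'
GOOD   = WebhookSignature.sign(SECRET, BODY)

puts WebhookSignature.valid?(SECRET, BODY, GOOD)        # untouched body
puts WebhookSignature.valid?(SECRET, BODY + ' ', GOOD)  # body altered in transit
```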
I ran into this issue too using destroy_user_session_path in sign out link. I compared my older app (rails 5.1.x) vs this newly built rails 5.2.0, I noticed that I didn't have csrf_meta_tags in tag of my layout.
After adding
= csrf_meta_tags
it worked! HTH
ruby '2.3.5'
gem 'rails', '~> 5.2.0'
Source: https://stackoverflow.com/questions/48762136/rails-5-2-some-controller-actions-gives-invalidauthenticitytoken