Can't verify CSRF token authenticity in rails

Question

I am using PaypalAdaptive. It sends ipn_notification properly. ipnNotification action method is as following -

def ipn_notification
    ipn = PaypalAdaptive         


        

Answer 1

In your controller:

skip_before_filter :verify_authenticity_token, :only => [:ipn_notification]

For people reading to quickly and distribute -1 (skipping an important part: it's not a POST call from the client...):

• yes it skips a security BUT... Read after...

• yes, it's the only way for external website POST requests

• yes it's safe: you obviously check params and keys when receiving a call from Paypal or alike.

Answer 2

Add the following line in your application.js

//= require jquery_ujs

And try.

Answer 3

The correct solution for this problem without compromising security

In your ajax request send the csrf token value as header.

var csrfToken = $("meta[name='csrf-token']").attr("content");
$.ajaxSetup({
  headers: {
    'X-CSRF-Token': csrfToken
  }
});