ActionController::InvalidAuthenticityToken Rails 5 / Devise / Audited / PaperTrail gem

As it turns out, Devise documentation is quite revealing with regard to this error:

For Rails 5, note that protect_from_forgery is no longer prepended to the before_action chain, so if you have set authenticate_user before protect_from_forgery, your request will result in "Can't verify CSRF token authenticity." To resolve this, either change the order in which you call them, or use protect_from_forgery prepend: true.

The fix was to change code in my application controller from this:

 protect_from_forgery with: :exception

To this:

 protect_from_forgery prepend: true

This issue did not manifest itself until I attempted adding Audited or Paper Trail gems.

ActionController::InvalidAuthenticityToken Rails 5 / Devise / Audited / PaperTrail gem

Tags:

Ruby

Ruby On Rails

Devise

Acts As Audited

Related

Recent Posts