-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using Rails 5.2.0.beta2, getting Can't verify CSRF token authenticity. #105
Comments
🤔Not sure I'm fully understanding the issue yet, but I'll try... Where is your The If I'm way off base here, I'm going to need more information. What exact error are you experiencing? Why did you think you needed to move the |
I setup my local application to receive Stripe's test webhooks and was getting the error My app is here: https://github.com/archonic/limestone. |
Reading the Rails 5.2.0.beta1 CHANGELOG:
# config/initializers/new_framework_defaults_5_2.rb
Rails.application.config.action_controller.default_protect_from_forgery = true I guess engines (like We need a Rails 5.2 variation added to the build matrix anyway. I'll see if I can get stripe_event ready for Rails 5.2 tomorrow. If anyone can think of a better approach, please do chime in. |
That accommodates |
@archonic Changes made.If you could please test your application against the gem "stripe_event", github: "integrallis/stripe_event" Once I get confirmation, I'm happy to release a new official version out to rubygems. |
@rmm5t Tested and works 👍 . Thanks! |
@archonic Thanks. Rock on. 🤘 Very happy about that. I just released v2.1.1. Don't ask what happened to v2.1.0. 😞I made a dumb mistake and had to immediately yank that release from rubygems. |
I believe there's a Rails 5 change which is stopping the webhook from being processed by StripeEvent::WebhookController#event due to
protect_from_forgery
. https://github.com/plataformatec/devise#controller-filters-and-helpersI needed to bring the whole StripeEvent::WebhookController into my application in order to stick
skip_before_action :verify_authenticity_token
in there.Can anyone else verify this issue?
The text was updated successfully, but these errors were encountered: