Want more GoRails?
GoRails is packed full with 721 lessons just like this one.
Sign up to get full access or log in to your account and sit back.
Your Teacher
Chris Oliver
Hi, I'm Chris. I'm the creator of GoRails, Hatchbox.io and Jumpstart. I spend my time creating tutorials and tools to help Ruby on Rails developers build apps better and faster.
About This Episode
Ever gotten an InvalidAuthentictyToken error in Rails and wondered how CSRF works? In this lesson, we'll learn how it works behind the scenes so you can understand exactly what's going on.
Notes
Resources
Add this code to your ApplicationController
to see how Rails compares the CSRF tokens you sent to the CSRF token in your application.
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action do
p "👋"
p "real #{real_csrf_token(session)}"
p "global #{global_csrf_token(session)}"
request_authenticity_tokens.each do |token|
next if token.nil?
decoded_token = decode_csrf_token(token)
if decoded_token.length == AUTHENTICITY_TOKEN_LENGTH * 2
p unmask_token(decoded_token)
else
p decoded_token
end
end
end
end
Additional Reading: