Skip to main content
Ask A Question
You’re not receiving notifications from this thread.

Episode #165 - getting Can't verify CSRF token authenticity in --api project

Rails • Asked by Jiri Prochazka

I'm trying to use Knock as in episode #165 API Authentication with JSON Web Tokens (JWT) and Knock.

I'm going step by step, but when trying to obtain the token by:

curl --data "auth[email][email protected]&auth[password]=pass" http://localhost:3000/api/v1/user_token

I'm getting 'Unprocessabel entity' and in my log there is 'Can't verify CSRF token authenticity. Completed 500 Internal Server Error in 96ms'

But at the start I have created a brand new project with --api flag. I created the project twice to be sure (5.2.0.rc1).
Should not the rails new backend --api generate a project without CSRF?


Ok, I just tried with Rails 5.1.4 and it is working. So it is something with 5.2.0.rc1..

Login or Create An Account to join the conversation.

Subscribe to the newsletter

Join 29,237+ developers who get early access to new screencasts, articles, guides, updates, and more.

    By clicking this button, you agree to the GoRails Terms of Service and Privacy Policy.

    More of a social being? We're also on Twitter and YouTube.