Ask A Question


You’re not receiving notifications from this thread.

Episode #165 - getting Can't verify CSRF token authenticity in --api project

Jiri Prochazka asked in Rails

I'm trying to use Knock as in episode #165 API Authentication with JSON Web Tokens (JWT) and Knock.

I'm going step by step, but when trying to obtain the token by:

curl --data "auth[email][password]=pass" http://localhost:3000/api/v1/user_token

I'm getting 'Unprocessabel entity' and in my log there is 'Can't verify CSRF token authenticity. Completed 500 Internal Server Error in 96ms'

But at the start I have created a brand new project with --api flag. I created the project twice to be sure (5.2.0.rc1).
Should not the rails new backend --api generate a project without CSRF?

Ok, I just tried with Rails 5.1.4 and it is working. So it is something with 5.2.0.rc1..
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 83,168+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.