Ask A Question


You’re not receiving notifications from this thread.

Episode #165 - getting Can't verify CSRF token authenticity in --api project

Jiri Prochazka asked in Rails

I'm trying to use Knock as in episode #165 API Authentication with JSON Web Tokens (JWT) and Knock.

I'm going step by step, but when trying to obtain the token by:

curl --data "auth[email][password]=pass" http://localhost:3000/api/v1/user_token

I'm getting 'Unprocessabel entity' and in my log there is 'Can't verify CSRF token authenticity. Completed 500 Internal Server Error in 96ms'

But at the start I have created a brand new project with --api flag. I created the project twice to be sure (5.2.0.rc1).
Should not the rails new backend --api generate a project without CSRF?

Ok, I just tried with Rails 5.1.4 and it is working. So it is something with 5.2.0.rc1..
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 79,047+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    Screencast tutorials to help you learn Ruby on Rails, Javascript, Hotwire, Turbo, Stimulus.js, PostgreSQL, MySQL, Ubuntu, and more.

    © 2023 GoRails, LLC. All rights reserved.