I seem to be getting ActionController::InvalidAuthenticityToken exceptions while using BrowserSync. I've tried setting the config line mentioned here https://github.com/rails/rails/issues/21948#issuecomment-235079906 and had no luck. I have noticed however that it seems to be set to false anyway https://github.com/rails/rails/blob/60c6b538170ce35cc8ff8382bef2f082868b4b09/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L82
Granted I am new to rails so I may be setting the config value incorrectly. I'm not sure what else to try. My educated guess still leads me to believe that it may be the host differences/origin-url that's causing the issue as the rails server is running on localhost:3000 and I am viewing it via the browsersync proxy at localhost:3001. Is there a way to verify this is the issue or to determine what else is at play here? The CSRF issue simply goes away when not submitting anything via the localhost:3001 proxy.
Obviously the end result here is I'd like to continue using browsersync, and not have to disable CSRF protection while in local development.
Rails version: 5.0.0.1
Ruby version: 2.3.1p112
BrowserSync version: 2.18.2
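Seems I've managed to find a solution. Requires manually setting the X-Forwarded-Host host from the browsersync init config.

```js
// Assumes `sync` is a BrowserSync instance created like this:
const sync = require('browser-sync').create();

sync.init({
  proxy: {
    target: "localhost:3000",
    // Tell Rails which host the browser actually used (the BrowserSync proxy)
    proxyReq: [
      function(proxyReq) {
        proxyReq.setHeader('X-Forwarded-Host', 'localhost:3001');
      }
    ],
  },
})
```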
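Why that header changes the outcome, as an added example that is not part of the thread and not Rails source code: a simplified Ruby model of the Origin comparison that `forgery_protection_origin_check` enables. It assumes the failure is that comparison, that the proxy forwards `Host` as the target (`localhost:3000`), and that the forwarded host takes precedence over `Host`; the helper names and request hashes are constructed for illustration.

```ruby
# Simplified model of the Origin check (assumption: this is the check that
# fails in the thread). Not Rails code; helper names are hypothetical.

# Host the app believes it was reached on: the last X-Forwarded-Host entry
# when a proxy supplies one, otherwise the plain Host header.
def effective_host(headers)
  forwarded = headers["X-Forwarded-Host"].to_s.strip
  return headers["Host"] if forwarded.empty?
  forwarded.split(/,\s?/).last
end

def base_url(headers, scheme: "http")
  "#{scheme}://#{effective_host(headers)}"
end

# Accepts the request when the browser sent no Origin header, or when the
# Origin equals the base URL the app computed for itself.
def origin_matches?(headers)
  origin = headers["Origin"]
  origin.nil? || origin == base_url(headers)
end

def diagnose(label, headers)
  verdict = origin_matches?(headers) ? "accepted" : "rejected"
  "#{label}: Origin=#{headers['Origin'].inspect} " \
    "base_url=#{base_url(headers)} -> #{verdict}"
end

# Constructed requests matching the setup described in the thread.
DIRECT  = { "Host" => "localhost:3000", "Origin" => "http://localhost:3000" }
# Form submitted from the proxy URL; Host is assumed rewritten to the target.
PROXIED = { "Host" => "localhost:3000", "Origin" => "http://localhost:3001" }
# Same request once the proxy adds the header from the fix above.
PROXIED_FIXED = PROXIED.merge("X-Forwarded-Host" => "localhost:3001")

if __FILE__ == $0
  puts diagnose("direct", DIRECT)
  puts diagnose("via proxy", PROXIED)
  puts diagnose("via proxy + X-Forwarded-Host", PROXIED_FIXED)
end
```

To confirm the same mismatch in a running app, compare `request.origin` with `request.base_url` in the development log for a failing POST.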