Why Does A POST Request, Properly Routed, Throw An "ActionController::InvalidAuthenticityToken" Error In Rails And The Shopify_app Gem
I am getting the following error when making a post request to
/locations/1/submit-to-shopify in my app:
ActionController::InvalidAuthenticityToken in LocationsController#submitshopify
You can see the post route in my routes.rb file below.
root 'home#index' controller :sessions do get 'login' => :new, :as => :login post 'login' => :create, :as => :authenticate get 'auth/shopify/callback' => :callback get 'logout' => :destroy, :as => :logout get 'locations/:id' => 'locations#index' post 'locations/:id/submit-to-shopify' => 'locations#submitshopify' end
All the other requests work fine. Here is my Locations controller:
class LocationsController < AuthenticatedController def index @location_id = params[:id] @location = Location.find(@location_id) end def submitshopify @location_id = params[:id] @location = Location.find(@location_id) @product_handle = params[:product_handle] @product = ShopifyAPI::Product.find_by handle: @product_handle end def new end def create end def show end def edit end def update end def destroy @location_id = params[:id] @location = Location.find(@location_id) @destroy_status = @location.destroy end end
If it is of any consequence, I am using the 'shopify_app' gem, which includes 'shopify_api'. I followed all the directions listed for both of those modules, and have successfully authenticated with Shopify in all of the other pages / controllers.
Have you used helpers to create your submission form?
or have you created it manually? If created manually, have you added the
<%= csrf_meta_tags %>
to your form?
check with your firebug if there is an authentication token at the end of the form. Even the view source should show you that.
We should be discarding that anyone is trying to spam using your form by means of a http client like curl without actually being on your site (cross site request forgery)
- → Adding html data attribute to simple_forms input
- → Blocking ?page= in robots.txt
- → Cannot read property 'modalIsOpen' of undefined
- → Why does a POST request, properly routed, throw an "ActionController::InvalidAuthenticityToken" error in Rails and the shopify_app gem
- → How to setup Rails routes.rb for Vanity URL without requiring a prefix
- → add one button in shopify site header using shopify app in ROR
- → How can I access the webhook data in jobs? (Shopify Rails)
- → Ruby array to js array in .js.erb file on rails
- → rails 4 justifiedGallery script only load the latest post with images
- → Can't create new database entry from form submission
- → Mount/Render a React component manually using JS
- → Cant get this join to work in rails