Can't verify CSRF token authenticity when using prepend_before_action
I have the following application controller. I recently added the set_customer which I want to execute before the authorize part. The prepend_before_action does that perfectly. However as soon as I add that line I'm getting this error: Can't verify CSRF token authenticity
The current_user isn't nil, so when I debug it goes right over the set_customer part and straight into the authorize method. When I remove the prepend_before_action line it works again. How can I fix this (while keeping the CSRF protection, of course)?
Maybe important to mention: I'm also using devise. The error comes on Devise::SessionsController#create
```ruby
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception, prepend: true
  before_action :authorize
  prepend_before_action :authorize, :set_customer

  def authorize
    if current_permission.allow?(params[:controller], params[:action], current_resource)
      current_permission.permit_params! params
    else
      raise Permission::NotAuthorized
    end
  end

  def set_customer
    if current_user.nil?
      # some unimportant code since current_user isn't nil
    end
  end
end
```
Have you tried moving prepend_before_action? One of the suggestions on the Devise GitHub for the CSRF error is to change the order you call them, or add prepend to the p_f_p. To my understanding, prepend sets the thing being prepended to index 0. That would be putting your authorize call before your p_f_p call in execution.
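The ordering effect discussed above, as an added example that is not part of the original posts: a plain-Ruby model of the before-callback chain, not Rails or Devise code. `CallbackChainModel`, `csrf_check_passes?`, `question_order` and `reordered` are hypothetical names, and the rule that loading `current_user` before the CSRF check makes the check fail on the sign-in request is an assumption of the model.

```ruby
# Simplified model of a controller's before-callback chain (not Rails code).
class CallbackChainModel
  attr_reader :chain

  def initialize
    @chain = []
  end

  # before_action appends each name to the end of the chain.
  def before_action(*names)
    names.each { |n| insert(n, front: false) }
    self
  end

  # prepend_before_action moves each name to index 0, one at a time,
  # so the last name listed ends up running first.
  def prepend_before_action(*names)
    names.each { |n| insert(n, front: true) }
    self
  end

  # protect_from_forgery registers the CSRF check as a callback as well.
  def protect_from_forgery(prepend: false)
    insert(:verify_authenticity_token, front: prepend)
    self
  end

  # Model assumption: a callback that loads current_user before the CSRF
  # check on the sign-in request invalidates the token the check compares.
  def csrf_check_passes?(touches_user: [:set_customer])
    before_check = @chain.take_while { |n| n != :verify_authenticity_token }
    (before_check & touches_user).empty?
  end

  private

  def insert(name, front:)
    @chain.delete(name) # a name registered twice keeps only its latest position
    front ? @chain.unshift(name) : @chain.push(name)
  end
end

# Declaration order from the question.
def question_order
  CallbackChainModel.new.protect_from_forgery(prepend: true)
                    .before_action(:authorize).prepend_before_action(:authorize, :set_customer)
end

# Same callbacks, with the CSRF check declared last so it lands at index 0.
def reordered
  CallbackChainModel.new.prepend_before_action(:authorize, :set_customer).protect_from_forgery(prepend: true)
end
```

In the model, `question_order.chain` ends with `:verify_authenticity_token`, while `reordered.chain` starts with it and still runs `set_customer` before `authorize`.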