Question: Rails 5 Invalid Authenticity Token when trying to login from transparently redirected subdomain

Question

Rails 5 Invalid Authenticity Token when trying to login from transparently redirected subdomain

Answers 0
Added at 2016-12-16 22:12
Tags
Question

I have a Rails 5 app running on port 12003 and I configured a subdomain to transparently redirect to that port as follows:

https://test.example.com => https://example.com:12007

The problem is that when I try to log in or execute an action that requires an Authenticity Token from the subdomain, the application throws this error:

ActionController::InvalidAuthenticityToken in AccessController#attempt_login

The application does not throw it when I try to perform an action from the url that includes the port: http://example.com:12007

This makes me think that the app detects the subdomain as a Forgery attempt.

Is there a way to whitelist the subdomain or fix this isssue without disabling CSRF Protection on my app?

Answers
Source Show
◀ Wstecz