before_action :set_locale
protect_from_forgery with: :exception
This causes an exception when a user tries to log in with Devise.
The fix is simple (protect from forgery before doing other actions):
before_action :set_locale
protect_from_forgery with: :exception, prepend: true
However, what concerns me is that the bug triggered an exception in production which was not caught in test.
Steps to trigger the bug are:
1) create an account
2) log out
3) sign in
I test this explicitly in an RSpec Capybara test using Chrome with JavaScript enabled.
In the test, I don't get the exception.
Can anyone explain why?
Thanks,
Rob