Wheels.InvalidAuthenticityToken

Bill

Sep 22, 2020, 6:58:07 PM
to CFWheels
Hi all,

I cannot get the CSRF token to work.

I have the following:

#csrfMetaTags()# in the <head></head>

<meta content="authenticityToken" name="csrf-param"><meta content="bv7unduicwlgc2ujmfsbqaqmvxvfr6m5ekh53bq1" name="csrf-token">  

#authenticityTokenField()# in the form body

<input id="authenticityToken" name="authenticityToken" type="hidden" value="bv7unduicwlgc2ujmfsbqaqmvxvfr6m5ekh53bq1">  

The form has method="post" yet I receive:

Wheels.InvalidAuthenticityToken

This POSTed request was attempted without a valid authenticity token.

Tag context

Error thrown on line 45 in wheels\controller\csrf.cfm
- called from line 13 in wheels\controller\processing.cfm
- called from line 205 in wheels\dispatch\functions.cfm
- called from line 5 in wheels\index.cfm
- called from line 2 in rewrite.cfm
- called from line 5 in wheels\events\onrequest.cfm

What am I doing wrong? I've got no answers except turning it off.

Tom King

Sep 23, 2020, 5:11:25 AM
to CFWheels
I think you only need authenticityTokenField() when manually constructing your own forms, i.e. using <form>.
If you're using startFormTag() it should automatically place that as long as you've got #csrfMetaTags()# in your <head>?

MvdO79

Sep 27, 2020, 8:59:31 PM
to CFWheels
Did you solve this?

On Wednesday, September 23, 2020 at 00:58:07 UTC+2, Bill wrote:

Bill

Oct 14, 2020, 9:04:23 AM
to CFWheels
Got it working. As Tom said, if using standard <form> tags then ONLY use #authenticityTokenField()#. If using #csrfMetaTags()# in the <head></head> then you MUST use #startFormTag()#.

It cannot be both, which seems odd, and maybe the documentation needs to be updated.

MvdO79

Oct 14, 2020, 6:07:36 PM
to CFWheels
Awesome :)

On Wednesday, October 14, 2020 at 15:04:23 UTC+2, Bill wrote: