Posts

Showing posts from January 20, 2019

CSRF protection when migrating from Rails 3 to Rails 4

Image
0 I am working on migrating a big website package from Ruby 1.9 to Ruby 2.3, and I'm almost done. I've got Rails almost completely moved from 3.2 to 4.2, but I've run into one snag which I cannot figure out, and this project is my first experience with either Ruby or Rails, so I've been picking up the jargon as I go. When I point my browser to my development server, all my GET requests succeed (200), but all my POST requests fail (500). After some research, I found out about Rails' built-in CSRF protection, and was able to determine that the package I'm working with had this protection in place when it was using Rails 3.2. With Rails 4.2 in place, the protection seems to be preventing any POST requests from succeeding. After researching it further, I found that Rails 4 encrypts auth cook