Invalid Cross Origin Request After Upgrading to Rails 4.1
Some point after I upgraded from Rails 3.2 to Rails 4.1, I started getting the following errors:
They mainly come from Internet Explorer 6 or 8 browsers on Windows XP, and never have accompanying user info, even though they're accessing a controller action that is only displayed to signed-in users.
How do I fix this issue or resolve it?
(See also a related issue from before upgrading: Why does Rails Fail to access the Session in an Ajax request from Internet Explorer? )
As per "CSRF protection from remote tags " from the rails guide:
In the case of tests, where you also doing the client, change from:
get :index, format: :js
xhr :get, :index, format: :js
In the case you want to make this route skip csrf check, white list the route using something like:
protect_from_forgery :except => :create