[Backlogmanager] [FIWARE-JIRA] (HELP-9084) [fiware-stackoverflow] Rails CSRF token authenticity on Incoming external POST Requests

Fernando Lopez (JIRA) jira-help-desk at jira.fiware.org
Wed Sep 12 11:25:00 CEST 2018


     [ https://jira.fiware.org/browse/HELP-9084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Fernando Lopez updated HELP-9084:
---------------------------------
    Description: 
Created question in FIWARE Q/A platform on 03-12-2015 at 18:12
Please, ANSWER this question AT https://stackoverflow.com/questions/34072672/rails-csrf-token-authenticity-on-incoming-external-post-requests


+Question:+
Rails CSRF token authenticity on Incoming external POST Requests

+Description:+
My Rails application subscribes to an external system's POST notifications (named Orion context broker). I manage sending JSON data & process response (ruby->Orion).

But when a notification request comes in, I get the InvalidAuthenticityToken error with the "Can't verify CSRF token authenticity" warning.

I, [2015-12-03T16:56:53.215991 #22189]  INFO -- : Started POST "/machine/listen" for 127.0.0.1 at 2015-12-03 16:56:53 +0000
I, [2015-12-03T16:56:53.221524 #22189]  INFO -- : Processing by MachineController#listen as XML
I, [2015-12-03T16:56:53.221762 #22189]  INFO -- :   Parameters: {"subscriptionId"=>"5660745482ef938cd5055ae3", "originator"=>"localhost", "contextResponses"=>[{"contextElement"=>{"type"=>"Printer", "isPattern"=>"false", "id"=>"UM1", "attributes"=>[{"name"=>"temperature", "type"=>"float", "value"=>"110"}]}, "statusCode"=>{"code"=>"200", "reasonPhrase"=>"OK"}}], "machine"=>{"subscriptionId"=>"5660745482ef938cd5055ae3", "originator"=>"localhost", "contextResponses"=>[{"contextElement"=>{"type"=>"Printer", "isPattern"=>"false", "id"=>"UM1", "attributes"=>[{"name"=>"temperature", "type"=>"float", "value"=>"110"}]}, "statusCode"=>{"code"=>"200", "reasonPhrase"=>"OK"}}]}}
W, [2015-12-03T16:56:53.223637 #22189]  WARN -- : Can't verify CSRF token authenticity
I, [2015-12-03T16:56:53.224191 #22189]  INFO -- : Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
F, [2015-12-03T16:56:53.225189 #22189] FATAL -- : 
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):


I understand that the message that is sent back (Orion->ruby) does not contain the proper Security Token.

Maybe I could disable protect_from_forgery, but I am definitely looking for a way to manage authentication between those different services.

Thanks



     HD-Enabler: Orion

> [fiware-stackoverflow] Rails CSRF token authenticity on Incoming external POST Requests
> ---------------------------------------------------------------------------------------
>
>                 Key: HELP-9084
>                 URL: https://jira.fiware.org/browse/HELP-9084
>             Project: Help-Desk
>          Issue Type: Monitor
>          Components: FIWARE-TECH-HELP
>            Reporter: Backlog Manager
>              Labels: authentication, fiware, fiware-orion, ruby, ruby-on-rails


