Uploaded image for project: 'Help-Desk'
  1. Help-Desk
  2. HELP-9084

[fiware-stackoverflow] Rails CSRF token authenticity on Incoming external POST Requests

        Details

          Description

          Created question in FIWARE Q/A platform on 03-12-2015 at 18:12
          Please, ANSWER this question AT https://stackoverflow.com/questions/34072672/rails-csrf-token-authenticity-on-incoming-external-post-requests

          Question:
          Rails CSRF token authenticity on Incoming external POST Requests

          Description:
          My rails application subscribes to an external system POST notifications (named Orion context broker). I manage sending json data & process response (ruby->Orion).

          But when a notification request comes in I get the InvalidAuthenticityToken Error Can't verify CSRF token authenticity WARNING.

          I, 2015-12-03T16:56:53.215991 #22189 INFO – : Started POST "/machine/listen" for 127.0.0.1 at 2015-12-03 16:56:53 +0000
          I, 2015-12-03T16:56:53.221524 #22189 INFO – : Processing by MachineController#listen as XML
          I, 2015-12-03T16:56:53.221762 #22189 INFO – : Parameters: {"subscriptionId"=>"5660745482ef938cd5055ae3", "originator"=>"localhost", "contextResponses"=>[{"contextElement"=>{"type"=>"Printer", "isPattern"=>"false", "id"=>"UM1", "attributes"=>[

          {"name"=>"temperature", "type"=>"float", "value"=>"110"}]}, "statusCode"=>{"code"=>"200", "reasonPhrase"=>"OK"}}], "machine"=>{"subscriptionId"=>"5660745482ef938cd5055ae3", "originator"=>"localhost", "contextResponses"=>[{"contextElement"=>{"type"=>"Printer", "isPattern"=>"false", "id"=>"UM1", "attributes"=>[{"name"=>"temperature", "type"=>"float", "value"=>"110"}

          ]}, "statusCode"=>{"code"=>"200", "reasonPhrase"=>"OK"}}]}}
          W, 2015-12-03T16:56:53.223637 #22189 WARN – : Can't verify CSRF token authenticity
          I, 2015-12-03T16:56:53.224191 #22189 INFO – : Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
          F, 2015-12-03T16:56:53.225189 #22189 FATAL – :
          ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

          I understand that the message that is sent back (Orion->ruby) does not contain the proper Security Token.

          Maybe I could disable protect_from_forgery but definitly looking for one way to manage authentification between those different services.

          Thanks

            Activity

            Ascending order - Click to sort in descending order
            backlogmanager Backlog Manager created issue -
            Hide
            Permalink
            backlogmanager Backlog Manager added a comment -

            2017-05-22 15:17|CREATED monitor | # answers= 1, accepted answer= True

            Show
            backlogmanager Backlog Manager added a comment - 2017-05-22 15:17|CREATED monitor | # answers= 1, accepted answer= True
            backlogmanager Backlog Manager made changes -
            Field Original Value New Value
            Component/s FIWARE-TECH-HELP [ 10278 ]
            backlogmanager Backlog Manager made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            Hide
            Permalink
            backlogmanager Backlog Manager added a comment -

            2017-05-22 18:11|UPDATED status: transition Answer| # answers= 1, accepted answer= True

            Show
            backlogmanager Backlog Manager added a comment - 2017-05-22 18:11|UPDATED status: transition Answer| # answers= 1, accepted answer= True
            backlogmanager Backlog Manager made changes -
            Resolution Done [ 10000 ]
            Status In Progress [ 3 ] Closed [ 6 ]
            Hide
            Permalink
            backlogmanager Backlog Manager added a comment -

            2017-05-22 21:12|UPDATED status: transition Finish| # answers= 1, accepted answer= True

            Show
            backlogmanager Backlog Manager added a comment - 2017-05-22 21:12|UPDATED status: transition Finish| # answers= 1, accepted answer= True
            fla Fernando Lopez made changes -
            HD-Enabler Orion [ 10875 ]
            Description
            Created question in FIWARE Q/A platform on 03-12-2015 at 18:12
            {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/34072672/rails-csrf-token-authenticity-on-incoming-external-post-requests


            +Question:+
            Rails CSRF token authenticity on Incoming external POST Requests

            +Description:+
            My rails application subscribes to an external system POST notifications (named Orion context broker). I manage sending json data & process response (ruby->Orion).

            But when a notification request comes in I get the InvalidAuthenticityToken Error Can't verify CSRF token authenticity WARNING.

            I, [2015-12-03T16:56:53.215991 #22189] INFO -- : Started POST "/machine/listen" for 127.0.0.1 at 2015-12-03 16:56:53 +0000
            I, [2015-12-03T16:56:53.221524 #22189] INFO -- : Processing by MachineController#listen as XML
            I, [2015-12-03T16:56:53.221762 #22189] INFO -- : Parameters: {"subscriptionId"=>"5660745482ef938cd5055ae3", "originator"=>"localhost", "contextResponses"=>[{"contextElement"=>{"type"=>"Printer", "isPattern"=>"false", "id"=>"UM1", "attributes"=>[{"name"=>"temperature", "type"=>"float", "value"=>"110"}]}, "statusCode"=>{"code"=>"200", "reasonPhrase"=>"OK"}}], "machine"=>{"subscriptionId"=>"5660745482ef938cd5055ae3", "originator"=>"localhost", "contextResponses"=>[{"contextElement"=>{"type"=>"Printer", "isPattern"=>"false", "id"=>"UM1", "attributes"=>[{"name"=>"temperature", "type"=>"float", "value"=>"110"}]}, "statusCode"=>{"code"=>"200", "reasonPhrase"=>"OK"}}]}}
            W, [2015-12-03T16:56:53.223637 #22189] WARN -- : Can't verify CSRF token authenticity
            I, [2015-12-03T16:56:53.224191 #22189] INFO -- : Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
            F, [2015-12-03T16:56:53.225189 #22189] FATAL -- :
            ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):


            I understand that the message that is sent back (Orion->ruby) does not contain the proper Security Token.

            Maybe I could disable protect_from_forgery but definitly looking for one way to manage authentification between those different services.

            Thanks
            		 Created question in FIWARE Q/A platform on 03-12-2015 at 18:12
            {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/34072672/rails-csrf-token-authenticity-on-incoming-external-post-requests


            +Question:+
            Rails CSRF token authenticity on Incoming external POST Requests

            +Description:+
            My rails application subscribes to an external system POST notifications (named Orion context broker). I manage sending json data & process response (ruby->Orion).

            But when a notification request comes in I get the InvalidAuthenticityToken Error Can't verify CSRF token authenticity WARNING.

            I, [2015-12-03T16:56:53.215991 #22189] INFO -- : Started POST "/machine/listen" for 127.0.0.1 at 2015-12-03 16:56:53 +0000
            I, [2015-12-03T16:56:53.221524 #22189] INFO -- : Processing by MachineController#listen as XML
            I, [2015-12-03T16:56:53.221762 #22189] INFO -- : Parameters: {"subscriptionId"=>"5660745482ef938cd5055ae3", "originator"=>"localhost", "contextResponses"=>[{"contextElement"=>{"type"=>"Printer", "isPattern"=>"false", "id"=>"UM1", "attributes"=>[{"name"=>"temperature", "type"=>"float", "value"=>"110"}]}, "statusCode"=>{"code"=>"200", "reasonPhrase"=>"OK"}}], "machine"=>{"subscriptionId"=>"5660745482ef938cd5055ae3", "originator"=>"localhost", "contextResponses"=>[{"contextElement"=>{"type"=>"Printer", "isPattern"=>"false", "id"=>"UM1", "attributes"=>[{"name"=>"temperature", "type"=>"float", "value"=>"110"}]}, "statusCode"=>{"code"=>"200", "reasonPhrase"=>"OK"}}]}}
            W, [2015-12-03T16:56:53.223637 #22189] WARN -- : Can't verify CSRF token authenticity
            I, [2015-12-03T16:56:53.224191 #22189] INFO -- : Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
            F, [2015-12-03T16:56:53.225189 #22189] FATAL -- :
            ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):


            I understand that the message that is sent back (Orion->ruby) does not contain the proper Security Token.

            Maybe I could disable protect_from_forgery but definitly looking for one way to manage authentification between those different services.

            Thanks
            fla Fernando Lopez made changes -
            Assignee Backlog Manager [ backlogmanager ]
            fla Fernando Lopez made changes -
            Fix Version/s 2021 [ 12600 ]
            Transition Time In Source Status Execution Times Last Executer Last Execution Date
            Open Open In Progress In Progress
            		2h 54m 1 Backlog Manager 22/May/17 6:10 PM
            In Progress In Progress Closed Closed
            		3h 1 Backlog Manager 22/May/17 9:10 PM

              People

              • Assignee:
                backlogmanager Backlog Manager
                Reporter:
                backlogmanager Backlog Manager
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: