Rails 5 ActionController::InvalidAuthenticityToken error
As indicated in the Devise documentation notes for Rails 5:
For Rails 5, note that protect_from_forgery is no longer prepended to the before_action chain, so if you have set authenticate_user before protect_from_forgery, your request will result in "Can't verify CSRF token authenticity." To resolve this, either change the order in which you call them, or use protect_from_forgery prepend: true.
Note: While this answer has the desired effect, it does so by reducing overall security. The below answer by Alon is more correct and maintains the security of the site.
class BugsController < ApplicationController
  skip_before_filter :verify_authenticity_token
  protect_from_forgery prepend: true, with: :exception
  before_action :authenticate_user!
  before_action :set_bug, only: [:show, :edit, :update]
end
Like This
I recently hit this in a fairly large way and I found that my error was my application's domain name had recently changed but I forgot to update session_store.rb. That may not be everyone's issue but it will report this as a CSRF error. So please check out config/session_store.rb
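The callback ordering described in the Devise note quoted above can be seen in a small stand-alone model. This is an added example, not code from the thread or from Rails or Devise: MiniController, its chain method and csrf_before_auth? are hypothetical names, and the model only mimics how Rails 5 appends or prepends callbacks.

```ruby
# Toy model of a Rails 5 before_action chain (not ActionController itself).
class MiniController
  class << self
    def chain
      @chain ||= []
    end

    # Subclasses start from a copy of the parent's chain, as in Rails.
    def inherited(sub)
      super
      sub.instance_variable_set(:@chain, chain.dup)
    end

    # Rails 5: callbacks are appended unless prepend: true is given.
    def before_action(name, prepend: false)
      if prepend then chain.unshift(name) else chain.push(name) end
    end

    # Rails 5: the CSRF check is registered where this is called.
    # The with: strategy is accepted but ignored by this model.
    def protect_from_forgery(prepend: false, with: :null_session)
      before_action(:verify_authenticity_token, prepend: prepend)
    end
  end
end

# True when the CSRF check runs before the authentication callback.
def csrf_before_auth?(controller)
  csrf = controller.chain.index(:verify_authenticity_token)
  auth = controller.chain.index(:authenticate_user!)
  !csrf.nil? && (auth.nil? || csrf < auth)
end

class AuthFirst < MiniController   # the order the Devise note warns about
  before_action :authenticate_user!
  protect_from_forgery with: :exception
end

class Reordered < MiniController   # fix 1: call protect_from_forgery first
  protect_from_forgery with: :exception
  before_action :authenticate_user!
end

class Prepended < MiniController   # fix 2: prepend: true
  before_action :authenticate_user!
  protect_from_forgery prepend: true, with: :exception
end

[AuthFirst, Reordered, Prepended].each { |c| puts "#{c.name}: #{c.chain.inspect}" }
```

Both fixes leave verify_authenticity_token in the chain and ahead of authenticate_user!, which is the difference from skipping the check.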