CSRF token InvalidAuthenticityToken

javan · February 15, 2018, 1:44pm

You can query your <meta name="csrf-token"> element for the token and include it in the request’s headers:

fetch(…, {
  method: "PUT",
  credentials: "same-origin",
  headers: {
    "X-CSRF-Token": getMetaValue("csrf-token")
  },
  …
})

function getMetaValue(name) {
  const element = document.head.querySelector(`meta[name="${name}"]`)
  return element.getAttribute("content")
}

Topic		Replies	Views
Some guidance on using rails-ujs and Rails.ajax in a Stimulus controller	1	2325	March 3, 2020
Stimulus and Rails UJS	15	12203	July 18, 2019
Turbo and UJS removal	5	4936	January 6, 2021
Fetch action from stimulus - js response not running?	0	504	April 9, 2022
Submitting a form	1	5845	October 9, 2019

CSRF token InvalidAuthenticityToken

Related Topics