CSRF token InvalidAuthenticityToken

javan · February 15, 2018, 1:44pm

You can query your <meta name="csrf-token"> element for the token and include it in the request’s headers:

fetch(…, {
  method: "PUT",
  credentials: "same-origin",
  headers: {
    "X-CSRF-Token": getMetaValue("csrf-token")
  },
  …
})

function getMetaValue(name) {
  const element = document.head.querySelector(`meta[name="${name}"]`)
  return element.getAttribute("content")
}

Topic		Replies	Views
Invalid CSRF token because user logging is using turbo_streams	4	824	March 6, 2023
Turbo stream and authenticity token	4	2791	July 2, 2022
Some guidance on using rails-ujs and Rails.ajax in a Stimulus controller	1	2423	March 3, 2020
Accessing `this` from `fetch`	7	885	February 10, 2022
Stimulus and Rails UJS	15	12714	July 18, 2019

CSRF token InvalidAuthenticityToken

Related topics