Can't verify CSRF token authenticity in rails

vajapravin · Aug 16, 2012 · Viewed 10k times

I am using PaypalAdaptive. It sends ipn_notification properly. The ipnNotification action method is as follows:

def ipn_notification
    ipn = PaypalAdaptive::IpnNotification.new
    ipn.send_back(request.raw_post.to_json)

    print "=====================request.raw_post#{request.raw_post}=============="

    if ipn.verified?
        PaymentMailer.notify_unknown(request.raw_post).deliver
    else
        logger.info "IT DIDNT WORK"
    end
    render :nothing => true
end

But it's returning an error:

WARNING: Can't verify CSRF token authenticity rails

Any help with this problem?

Answer

apneadiving · Aug 16, 2012

In your controller:

skip_before_filter :verify_authenticity_token, :only => [:ipn_notification]

For people reading too quickly and distributing -1 (skipping an important part: it's not a POST call from the client...):

  • yes, it skips a security check, BUT... read on...

  • yes, it's the only way for external website POST requests

  • yes, it's safe: you obviously check params and keys when receiving a call from PayPal or the like.
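
The checks the last bullet relies on, sketched as an added example in plain Ruby (not code from the original answer or from the paypal_adaptive gem): once verify_authenticity_token is skipped for the action, the handler itself has to confirm that PayPal sent the message, that it concerns the expected account, and that it has not already been processed. The `IpnGate` class, the injected `poster` callable, and the sample field names and values are assumptions made for illustration.

```ruby
require "uri"

# Added example: the checks that take over from the skipped CSRF filter.
class IpnGate
  # poster: callable that POSTs the validation body to PayPal and returns the
  # reply text; injected so the example runs offline (hypothetical helper).
  def initialize(poster:, expected:, id_field:)
    @poster = poster
    @expected = expected      # field => value the notification must carry
    @id_field = id_field      # field used to detect replays
    @seen = {}
  end

  # Returns [:accept, params] or [:reject, reason].
  def check(raw_post)
    # 1. Ask PayPal whether it sent this exact body (echoed back unaltered).
    reply = @poster.call("cmd=_notify-validate&#{raw_post}")
    return [:reject, :not_verified] unless reply.to_s.strip == "VERIFIED"

    params = URI.decode_www_form(raw_post).to_h
    # 2. A verified message must still be about our account and a final state.
    @expected.each do |field, value|
      return [:reject, :"bad_#{field}"] unless params[field] == value
    end
    # 3. Act on each notification once, even if it is delivered again.
    id = params[@id_field]
    return [:reject, :no_id] if id.nil?
    return [:reject, :replayed] if @seen.key?(id)
    @seen[id] = true
    [:accept, params]
  end
end

# Constructed sample data; field names and values are assumptions.
GENUINE = "status=COMPLETED&pay_key=AP-SAMPLE-1&receiver=shop%40example.test"
FORGED  = "status=COMPLETED&pay_key=AP-SAMPLE-2&receiver=shop%40example.test"
# Stand-in for PayPal: only recognises the body it "sent".
FAKE_PAYPAL = ->(body) { body == "cmd=_notify-validate&#{GENUINE}" ? "VERIFIED" : "INVALID" }

def demo
  gate = IpnGate.new(poster: FAKE_PAYPAL, id_field: "pay_key",
                     expected: { "status" => "COMPLETED", "receiver" => "shop@example.test" })
  [gate.check(FORGED).last, gate.check(GENUINE).first, gate.check(GENUINE).last]
end
```

In a real controller the `poster` would be the HTTPS call to PayPal, and the seen-ID store would live in the database rather than in memory.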