Too many "Can't verify CSRF token authenticity" in the logs


(Hosein Naseri) #1

Is this normal? I’m getting too many “Can’t verify CSRF token authenticity” log for my api calls in production.log file. but it seems the api calls are working. and also as stated bellow, I’m providing both api_key and api_username.


(Eli the Bearded) #2

The code path has rails checking CSRF token and then logging that message, then using the handle_unverified_request method from app/controllers/application_controller.rb to check the API keys.

So the log message is expected and useless for API key requests.