Comments (3)
The tokens generated by Rails and Plug seem to have different lengths and Rails does not expect that:

    irb(main):004:0> [1,2,3].zip([4,5]).map { |(c1,c2)| c1 ^ c2 }
    TypeError: nil can't be coerced into Fixnum
    from (irb):4:in `^'

The best solution here is probably to guarantee that Rails and Plug use different CSRF token names in the session. I have just pushed a commit to Plug that will allow us to do so. In your deps in mix.exs:

    {:plug, github: "elixir-lang/plug", override: true}

And in your router:

    plug :protect_from_forgery, session_key: "_my_csrf_token_key"

Please let me know how it goes. The downside of this approach is that you can't POST from a Phoenix page to a Rails page though. If that's important, it may be necessary to guarantee their CSRF tokens are compatible (which would probably be an effort for this project).
Also note you will be using Plug master, which is unreleased, so if you find any failure, please let us know.
from plug_rails_cookie_session_store.
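Added example, not code from Rails, Plug or anyone in this thread: a simplified Ruby model of an XOR-masked CSRF token check, with length validation so that a session token of a foreign length is rejected instead of raising the TypeError shown in the irb session. The 32-byte token length, the pad-followed-by-XOR layout and every function name here are assumptions of this sketch.

```ruby
require "securerandom"
require "base64"

TOKEN_LENGTH = 32 # bytes; assumed raw token length for this sketch

# XOR two byte strings. Unequal lengths are refused up front, because
# zip would pad the shorter side with nil and `Integer ^ nil` raises.
def xor_bytes(a, b)
  raise ArgumentError, "length mismatch" unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Masked form sent to the browser: one-time pad, then pad XOR token.
def mask_token(raw)
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  Base64.strict_encode64(pad + xor_bytes(pad, raw))
end

# Comparison that does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Validate a submitted masked token against the raw token in the session.
# Any unexpected length or encoding yields false, never an exception.
def valid_token?(session_raw, submitted)
  return false unless session_raw.is_a?(String) && session_raw.bytesize == TOKEN_LENGTH
  masked = Base64.strict_decode64(submitted.to_s)
  return false unless masked.bytesize == TOKEN_LENGTH * 2
  pad = masked[0, TOKEN_LENGTH]
  enc = masked[TOKEN_LENGTH, TOKEN_LENGTH]
  secure_equal?(xor_bytes(pad, enc), session_raw)
rescue ArgumentError # raised by strict_decode64 on malformed Base64
  false
end

if __FILE__ == $0
  own = SecureRandom.random_bytes(TOKEN_LENGTH) # constructed sample token
  foreign = "x" * 24 # constructed: token written by another framework
  puts valid_token?(own, mask_token(own))
  puts valid_token?(foreign, mask_token(own))
end
```
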
@fbjork I just saw this issue, not sure if you already solved your problem. I created plug_rails_csrf_protection for this very reason. It's not just the token length but also how it is encoded/masked for the form that is different between Rails and the CSRFProtection plug. I have successfully used plug_rails_csrf_protection to post between Rails and Phoenix.
I missed this issue, duh. Is this still a problem?