Innovation Cloud - Step 16 - ActionController::InvalidAuthenticityToken


I’m currently working on the Innovation Cloud project.

As seen in the following topics The action index could not be found for SignupsController, Receiving error the action index could not be found and Can’t get form to redirect to thanks_url, the browser goes to https://localhost/signups and I can’t figure out why.

However, the index error only shows up when I refresh the browser because I’m also getting an ActionController::InvalidAuthenticityToken in SignupsController#create error when I click on the submit button.

Here’s what I see in the console:
Started POST "/signups" for at 2020-06-05 17:58:40 +0000 Processing by SignupsController#create as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"ISh57AUCeODOur3cP1nkurexm13tyQhVI1d1UrgfQ2o=", "signup"=>{"email"=>""}, "commit"=>"Join"} Can't verify CSRF token authenticity Completed 422 Unprocessable Entity in 1ms

1 Like

So this doesn’t solve the underlying problem, but will allow you to get beyond this issue for further practice —

In your signups controller, add this line above any of your actions

  skip_before_action :verify_authenticity_token

This basically tells the signup controller to not care about the authenticity token. You should not do this in a production app, but inside codecademy for practice/learning, it’s probably fine.


Thanks for the tip. I was able to complete the project.

Just out of curiosity, what could be the cause of such an issue?

@evanfreeze Thanks for the solution, it also helped me out. I’m also curious to know what was causing an invalid authenticity token? Can anyone explain?

The issue persists, and this solution still works.

I would like to add that the situation is not unique to this project. The following project, Threadly, issues the same error when it comes to submitting comments. I added the skip_before_action and it works just fine.

yep, problem still exists.

Issue is nearly 1.5 years old, not really comforting for the rest of the paid course to be honest.

Another solution is to set this at the application level, eg, in the config/application.rb file, add the following:

config.action_controller.allow_forgery_protection = false
1 Like