This is a static archive of our old OpenStreetMap Help Site. Please post any new questions and answers at community.osm.org.

custom Rails Port implementation, trouble with Authenticity Tokens

0

Is there anyone in this channel who can talk to me about the Rails Port's "authenticity token" system?

I have been implementing a new, customized Rails Port instance for https://opengeofiction.net/ . It's working well but I am having nightmare problems with two things:

  • Frequent errors for users: "ActionController::InvalidAuthenticityToken"
  • Frequently users are forcibly logged off whenever they change pages (i.e. Diaries to map, map to iD, etc.)

Is there anyone who can give me insights into what might be going wrong.

I am not a Ruby on Rails developer or even particularly comfortable with the environment. I have a background in Database admin and design and I am comfortable with most aspects of Linux sysadmin.

asked 02 Sep '21, 18:26

Luciano%20AK's gravatar image

Luciano AK
11112
accept rate: 0%

Can you explain the changes you have made to the "original", or do you have your version on GitHub somewhere?

(03 Sep '21, 09:36) Frederik Ramm ♦

@Frederik - I'm sorry we don't have it on github. It's all kind of experimental. In the long run, we hope to formally "fork" openstreetmap-website and post our changes, but we're not there right now.

Meanwhile, the site is up and seems to be working. We've let in a limited number of users and we're doing testing. Not going to claim victory, yet, but the Authenticity Token errors appear to have gone away. We did a bunch of google-fu and dug up what seemed to have worked. I promise I'll post what we did once I'm confident it worked.

You're free to browse the website:

https://opengeofiction.net

Anyway thank you so much for taking the time to respond.

(03 Sep '21, 19:33) Luciano AK

One Answer:

0

Firstly, thank you to my one responder, for their suggestion.

Apparently, the openstreetmap-website ("rails port") expects that a production instance will have a tool called memcache installed. It was another member of our team who figured this out, so I don't have the details, but I think that's enough of a hint if someone finds this question in the future and is trying to solve the issue.

Although we are still running the "rails port" as a development instance (rather than production), we are doing so as a de facto production instance, with 100's of active users.

This level of deployment requires memcache to manage the authenticity tokens, I guess.

If I get more details from my colleague about specific steps he took, I'll amend this answer.

Meanwhile, our site is up and running quite well, now.

answered 04 Sep '21, 17:44

Luciano%20AK's gravatar image

Luciano AK
11112
accept rate: 0%

Source code available on GitHub .