Can't verify CSRF token authenticity in Shopify App using Ruby on Rails

remy727
Shopify Partner
40 2 22

I am creating Shopify Rails App from Shopify CLI.

But after selecting the development store, I see APP_UNINSTALLED webhook delivery failed.

I am seeing the following error:

2023-04-08 20:51:16 │ backend │ Can't verify CSRF token authenticity.
2023-04-08 20:51:16 │ backend │ Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms | Allocations: 626)
2023-04-08 20:51:16 │ backend │
2023-04-08 20:51:16 │ backend │ ActionController::InvalidAuthenticityToken (Can't verify CSRF token authenticity.):

The versions I am using are:

  • Ruby 3.2.2
  • Rails: 7.0.3
  • shopify_app: 21.4.1
  • shopify_api: 12.4

Did anyone have a similar issue before?

Looking for a Shopify App developer? Please visit: https://github.com/remy727
Replies 3 (3)

eheiberg
Shopify Partner
2 0 0

I have the same issue. Simply trying to create the app according to https://shopify.dev/docs/apps/getting-started/create#step-1-create-a-new-app

As a result, I cannot preview the app either. When I attempt to open it in preview mode it times out. 

Fabien_Sebban
Shopify Partner
40 0 13

I have the same issue in my production environment. No problem in my local environment but when I deploy in production I cannot install the app from the install form.

GET request to /api/auth works fine.

 

Dumydev
Shopify Partner
5 0 1

I am Facing the Same Issue 

node -v
-> v20.9.0
 
ruby -v
-> ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux]
 
npm -v
-> 10.2.4
 
rails -v
-> Rails 7.0.8
 
gem "shopify_app", "~> 21.7"
 
Created a Shopify + Remix + Rails App
-> npm init @Shopify/app@latest -- --template=ruby
when i start the server i have this Error logs
10:41:06 │ web-backend │ Can't verify CSRF token authenticity.
10:41:06 │ web-backend │ Completed 422 Unprocessable Entity in 0ms (ActiveRecord: 0.0ms | Allocations: 633)
10:41:06 │ web-backend │
10:41:06 │ web-backend │
10:41:06 │ web-backend │
10:41:06 │ web-backend │ ActionController::InvalidAuthenticityToken (Can't verify CSRF token authenticity.):