ActionController::InvalidAuthenticityToken with Apache on HTTPS only

This took me some time. The problem was occurring only on HTTPS, not on HTTP, so the Ruby code, gems, and versions seemed to be fine.

Turns out I needed this line in my Apache config:

RequestHeader set X_FORWARDED_PROTO 'https' env=HTTPS

Actually, depending on the Apache version, this probably works better:


  RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
  RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

And for nginx, it is something similar:

proxy_set_header X-Forwarded-Proto https;
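
Why the header matters, as an added example (not code from the original post and not Rails or Rack source): a simplified Ruby model of how the app derives the request scheme behind a TLS-terminating proxy and compares it with the browser's Origin header, assuming the Rails origin check is what raises the error. The host `app.example.test` and the helper names are constructed for illustration.

```ruby
# Simplified model (not Rails or Rack source) of how the request scheme is
# derived behind a TLS-terminating proxy and why the CSRF origin check fails.

# Follows the idea of Rack's scheme detection: the backend connection is plain
# HTTP, so only headers set by the proxy can say the client used HTTPS.
def effective_scheme(env)
  return "https" if env["HTTPS"] == "on"
  return "https" if env["HTTP_X_FORWARDED_SSL"] == "on"
  forwarded = env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").first.to_s.strip
  forwarded.empty? ? env.fetch("rack.url_scheme", "http") : forwarded
end

def base_url(env)
  "#{effective_scheme(env)}://#{env.fetch('HTTP_HOST')}"
end

# Follows the idea of Rails' origin check: a request whose Origin header
# differs from the URL the app believes it is served on is rejected.
def origin_check_passes?(env)
  origin = env["HTTP_ORIGIN"]
  origin.nil? || origin == base_url(env)
end

# Constructed sample: the browser POSTs to https://app.example.test and the
# proxy forwards the request to the app over plain HTTP.
BROWSER_POST = {
  "REQUEST_METHOD"  => "POST",
  "HTTP_HOST"       => "app.example.test",
  "HTTP_ORIGIN"     => "https://app.example.test",
  "rack.url_scheme" => "http"
}.freeze

WITHOUT_HEADER = BROWSER_POST
WITH_PROTO     = BROWSER_POST.merge("HTTP_X_FORWARDED_PROTO" => "https")
WITH_SSL       = BROWSER_POST.merge("HTTP_X_FORWARDED_SSL" => "on")

if __FILE__ == $PROGRAM_NAME
  { "no forwarded header" => WITHOUT_HEADER,
    "X-Forwarded-Proto"   => WITH_PROTO,
    "X-Forwarded-SSL"     => WITH_SSL }.each do |label, env|
    result = origin_check_passes?(env) ? "pass" : "FAIL"
    puts format("%-20s base_url=%-28s origin check: %s",
                label, base_url(env), result)
  end
end
```

The app trusts these headers, so they should be set by the proxy itself (as the `RequestHeader set` and `proxy_set_header` lines above do) and the app's port should not be reachable directly by clients.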