A partial archive of meta.discourse.org as of Tuesday July 18, 2017.

Too many “Can’t verify CSRF token authenticity” in the logs


Is this normal? I’m getting too many “Can’t verify CSRF token authenticity” log for my api calls in production.log file. but it seems the api calls are working. and also as stated bellow, I’m providing both api_key and api_username.


The code path has rails checking CSRF token and then logging that message, then using the handle_unverified_request method from app/controllers/application_controller.rb to check the API keys.

So the log message is expected and useless for API key requests.