Skipping Rails authenticity for a webhook endpoint results in 401
























Sendgrid's event webhooks send POST requests that are for some reason unauthenticated. I've set up a Rails endpoint on my app on Heroku to receive it, however, it just keeps returning a 401 status.



2018-11-12T21:17:20.090837+00:00 heroku[router]: at=info method=POST path="/sendgrid_hooks" host=staging.herokuapp.com request_id=ba07cf74-f1e4-40e2-90a8-b1ac67779333 fwd="167.89.116.63" dyno=web.1 connect=0ms service=2ms status=401 bytes=286 protocol=https


I have tried including skip_before_action :verify_authenticity_token, and putting just a blank head(:ok) in the controller action, and all of this works fine locally (e.g. with Postman), but on Heroku it just endlessly returns 401. Is there something I can do to avoid the auth? AFAIK I'm not adding any before actions for any other request authorization (e.g. no Devise, etc).



Controller:



class MyHooksController < ActionController::Base
  protect_from_forgery with: :exception
  skip_before_action :verify_authenticity_token, only: :create

  def show
    head(:ok)
  end

  def create
    head(:ok)
  end
end









ruby-on-rails heroku














edited Nov 12 '18 at 22:56







tastycakeman

















asked Nov 12 '18 at 21:37









tastycakeman











  • post your application controller and the webhooks controller
    – Lenin Raj Rajasekaran
    Nov 12 '18 at 21:46
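
An added example, not part of the original question and not code from Rails or SendGrid: skip_before_action :verify_authenticity_token removes only the CSRF check, so a webhook endpoint still needs its own way to authenticate the sender. The sketch below is a plain-Ruby, Rack-style middleware that requires HTTP Basic credentials on the webhook path and answers 401 before the controller action runs; it assumes the sender can be configured to send such credentials, and the class name, credentials and stand-in app are constructed for illustration.

```ruby
require 'digest'

# Hypothetical middleware (name and options are assumptions, not a Rails API).
# Follows the Rack calling convention: call(env) -> [status, headers, body].
class WebhookBasicAuth
  def initialize(app, path:, user:, password:)
    @app = app
    @path = path
    # Store a fixed-length digest so the comparison below never depends on input length.
    @expected = Digest::SHA256.digest("#{user}:#{password}")
  end

  def call(env)
    return @app.call(env) unless env['PATH_INFO'] == @path
    return unauthorized unless credentials_valid?(env['HTTP_AUTHORIZATION'])

    @app.call(env)
  end

  private

  def credentials_valid?(header)
    scheme, encoded = header.to_s.split(' ', 2)
    return false unless scheme&.casecmp?('Basic') && encoded

    supplied = Digest::SHA256.digest(encoded.unpack1('m')) # 'm' decodes base64
    diff = 0
    # Constant-time comparison: always walks all 32 bytes of both digests.
    supplied.bytes.zip(@expected.bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end

  def unauthorized
    [401, { 'www-authenticate' => 'Basic realm="webhooks"' }, ["Unauthorized\n"]]
  end
end

# Constructed stand-in for the controller action that answers head(:ok).
HOOK_APP = ->(_env) { [200, {}, []] }

# Builds a constructed POST to /sendgrid_hooks and returns the response status.
def webhook_status(authorization = nil)
  env = { 'REQUEST_METHOD' => 'POST', 'PATH_INFO' => '/sendgrid_hooks' }
  env['HTTP_AUTHORIZATION'] = authorization if authorization
  stack = WebhookBasicAuth.new(HOOK_APP, path: '/sendgrid_hooks',
                               user: 'sendgrid', password: 'example-secret')
  stack.call(env).first
end
```

In a real deployment the credentials would come from environment configuration rather than literals.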



























