[Bootstrap] Suddenly I can't log out ~ Why? It seems to be a CSRF problem ~

What you want to solve

I can't log out after installing Bootstrap.

Problems / errors that are occurring

After logging in, when I press the logout button in the header part, an error message appears and I cannot log out for the rest of my life.

a746095752c272c27d28d5b332bbf41f.png

Applicable source code

application.html.erb


<!doctype html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta name="description" content="">
    <meta name="author" content="Mark Otto, Jacob Thornton, and Bootstrap contributors">
    <meta name="generator" content="Jekyll v4.0.1">
    <title>Party Freak</title>

    <%= stylesheet_link_tag 'application', media: 'all'%>

~ The following is omitted ~

Previous source code

application.html.erb


<!DOCTYPE html>
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <title>Party Freak</title>
    <%= csrf_meta_tags %>
    <%= csp_meta_tag %>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css" integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous">
    <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %>
    <%= javascript_pack_tag 'application', 'data-turbolinks-track': 'reload' %>

~ The following is omitted ~

What I tried myself

If you return the description of the <head> part of <html> to before the introduction, you will be able to log out. Eventually, by swapping the bottom from <head>, no error occurred and you can log out as before. In addition, the source code that had problems with login and new posting was also made. I found something that can be logged out by partially replacing it or trying various things and adding a description for several tens of minutes.

application.html.erb


<%= csrf_meta_tags %>
<%= csp_meta_tag %>

It was these two. When I looked it up, there was a description about cross-site request forgery. Rails is ** security dangerous, so stop! It was that he was careful with **. Thank you Rails, I'm sorry I'm always angry with the error.

Source code that no longer gives an error (changed below head)

application.html.erb



<!doctype html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta name="description" content="">
    <meta name="author" content="Mark Otto, Jacob Thornton, and Bootstrap contributors">
    <meta name="generator" content="Jekyll v4.0.1">
    <title>Party Freak</title>
    <%= csrf_meta_tags %>⬅️ Added
    <%= csp_meta_tag %>⬅️ Added
    <%= stylesheet_link_tag 'application', media: 'all'%>
    <%= javascript_pack_tag 'application', 'data-turbolinks-track': 'reload' %>⬅️ Add this for some reason
~ The following is omitted ~

It is a mystery that I could not log out without inserting the JS at the bottom. No matter how many times I try it, it seems to be useless without this, but I don't know the reason. I would appreciate it if anyone could understand the reason.

Recommended Posts

[Bootstrap] Suddenly I can't log out ~ Why? It seems to be a CSRF problem ~
There seems to be a word "de-Java".
Why can't Arrays.asList (T ... a) be add or remove?