I'm encountering an issue in my Rails application where I get ActionController::InvalidAuthenticityToken when trying to set the first address as default. The error occurs during the create action in the AddressesController. I've tried various solutions such as adding protect_from_forgery and csrf_meta_tags, but the problem persists. The strange thing is that this issue only happens with the first address created, and subsequent addresses work fine and I can set them as default addresses. I've provided my controller code and relevant views for reference.
I've tried adding protect_from_forgery with: :exception, including csrf_meta_tags in my layout, and ensuring the form_authenticity_token is present in my forms. I expected these measures to resolve the ActionController::InvalidAuthenticityToken issue, but it still persists, specifically when attempting to set the first address as default. Other addresses don't trigger this error.
def set_default
@address = current_user.addresses.find(params[:id])
current_user.addresses.update_all(default: false)
if @address.update(default: true)
flash[:notice] = "Default address set successfully."
else
flash[:alert] = "Failed to set default address. Errors: #{address.errors.full_messages.to_sentence}"
end
redirect_to user_addresses_path(current_user)
end
<% @addresses.each do |address| %>
<% unless address.default %>
<div>
<%= form_tag set_default_user_address_path(@user, address), method: :post do %>
<div>
<%= address.first_name %> <%= address.last_name %> <br>
<%= address.street %><br>
<%= address.city %><br>
<%= address.county %><br>
<%= address.postcode %><br>
<%= address.phone_number %>
</div>
<br><br>
<%= submit_tag 'Set as Default', class: 'btn btn-primary' %>
<br><br>
<% end %>
<%= button_to "Delete", user_address_path(@user, address), method: :delete, data: { confirm: "Are you sure you want to delete this address?" }, class: 'btn btn-danger' %>
<br><br>
</div>
<% end %>
<% end %>
UPDATE
I added protect_from_forgery with: :null_session to the addresses_controller and the initial CSRF error has gone. Now I have this error =>
ActionController::ParameterMissing in AddressesController#create param is missing or the value is empty: address Extracted source (around line #66): 64 65 66 67 68
def address_params params.require(:address).permit(:first_name, :last_name, :street, :city, :county, :postcode, :phone_number) end end
But the address_params are part of the create method, not set_default method. So I'm not sure whats going on here.
I inspected the HTML using the inspector tools, the first address is not showing to be within form tags. All other address are however. Very strange. Any help will be appreciated.