I want to show a cookies GDPR modal and let visitors choose cookies options (performance, required only, etc.) through a form sent in AJAX, even on 404 pages.
Sadly the form submit results in InvalidAuthenticityToken (CSRF protection) because the session is not loaded in exception routes.
For instance, with the following code, the Set-Cookie: first_visit_at=timestamp is not sent in the response:
# config/initializers/
rails_config.exceptions_app = rails_app.routes

# config/routes.rb
match '/404', to: 'errors#error_404', via: :get

# app/controllers/errors_controller.rb
# Action name matches the 'errors#error_404' route above
def error_404
  cookies[:first_visit_at] = Time.zone.now
end
I’ve created a discussion on the Rails GitHub, but didn’t get any answer.
So, how can I force Rails to properly start the cookies session store even when an ActiveRecord::RecordNotFound is raised (or anything which results in using exceptions_app)?
Thank you very much!