Error 422: InvalidAuthenticityToken for current_user

[jessicafarias]

Hello @Gokul595 and Team.
I have an issue with the token maybe I'm not using the gem properly.
I create two simple models, one for tasks and another one for users.
(User has_many tasks)

Inside TaskController I have:

before_action :authenticate_and_set_user

  ##  Works perfectly fine. I can GET and display all tasks of the current_user
  def index
    @tasks = current_user.tasks
    render json: @tasks
  end
  
   ## ERROR 422 ActionController::InvalidAuthenticityToken 
  def create
    @task = current_user.tasks.new(task_params)
      if @task.save
        render json: @task, status: :created, location: @task
      else
        render json: @task.errors, status: :unprocessable_entity
      end
  end

def task_params
    params.permit(:name, :img, :goal, :time)
  end

The response that I get when I try to POST data on tasks#create:

ActionController::InvalidAuthenticityToken in TasksController#create
def handle_unverified_request
  raise ActionController::InvalidAuthenticityToken
end

The token is on localStorage It works when I GET but is not working to POST.

//Front-end fetch to POST
const createTaskRequest = async (data, token) => {
  const url = 'http://localhost:3002/tasks';
  const response = await fetch(url, {
    method: 'POST',
    mode: 'cors',
    headers: {
      Authorization: `Bearer ${token}`,
    },
    body: JSON.stringify(data),
  });
  return response.json();
};

export default createTaskRequest;

Thanks for your time.

[Gokul595]

@jessicafarias This is a default behaviour of Rails for non GET requests to protect from CSRF attacks, and not related to API Guard. You can refer below link to know how to skip this check for API requests.

https://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html