ActionController::InvalidCrossOriginRequest in Contributors::AuctionItemsController#auctions

Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.

Extracted source (around line #239):
237
238
239
240
241
242
              
if marked_for_same_origin_verification? && non_xhr_javascript_response?
logger.warn CROSS_ORIGIN_JAVASCRIPT_WARNING if logger
raise ActionController::InvalidCrossOriginRequest, CROSS_ORIGIN_JAVASCRIPT_WARNING
end
end

Rails.root: /var/www/html/winningticket/releases/20231114093748

Application Trace | Framework Trace | Full Trace
actionpack (5.0.6) lib/action_controller/metal/request_forgery_protection.rb:239:in `verify_same_origin_request'
activesupport (5.0.6) lib/active_support/callbacks.rb:382:in `block in make_lambda'
activesupport (5.0.6) lib/active_support/callbacks.rb:218:in `block in halting'
activesupport (5.0.6) lib/active_support/callbacks.rb:456:in `block in call'
activesupport (5.0.6) lib/active_support/callbacks.rb:456:in `each'
activesupport (5.0.6) lib/active_support/callbacks.rb:456:in `call'
activesupport (5.0.6) lib/active_support/callbacks.rb:101:in `__run_callbacks__'
activesupport (5.0.6) lib/active_support/callbacks.rb:750:in `_run_process_action_callbacks'
activesupport (5.0.6) lib/active_support/callbacks.rb:90:in `run_callbacks'
actionpack (5.0.6) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (5.0.6) lib/action_controller/metal/rescue.rb:20:in `process_action'
actionpack (5.0.6) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
activesupport (5.0.6) lib/active_support/notifications.rb:164:in `block in instrument'
activesupport (5.0.6) lib/active_support/notifications/instrumenter.rb:21:in `instrument'
activesupport (5.0.6) lib/active_support/notifications.rb:164:in `instrument'
actionpack (5.0.6) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (5.0.6) lib/action_controller/metal/params_wrapper.rb:248:in `process_action'
searchkick (1.3.6) lib/searchkick/logging.rb:153:in `process_action'
activerecord (5.0.6) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (5.0.6) lib/abstract_controller/base.rb:126:in `process'
actionview (5.0.6) lib/action_view/rendering.rb:30:in `process'
actionpack (5.0.6) lib/action_controller/metal.rb:190:in `dispatch'
actionpack (5.0.6) lib/action_controller/metal.rb:262:in `dispatch'
actionpack (5.0.6) lib/action_dispatch/routing/route_set.rb:50:in `dispatch'
actionpack (5.0.6) lib/action_dispatch/routing/route_set.rb:32:in `serve'
actionpack (5.0.6) lib/action_dispatch/journey/router.rb:39:in `block in serve'
actionpack (5.0.6) lib/action_dispatch/journey/router.rb:26:in `each'
actionpack (5.0.6) lib/action_dispatch/journey/router.rb:26:in `serve'
actionpack (5.0.6) lib/action_dispatch/routing/route_set.rb:727:in `call'
warden (1.2.7) lib/warden/manager.rb:36:in `block in call'
warden (1.2.7) lib/warden/manager.rb:35:in `catch'
warden (1.2.7) lib/warden/manager.rb:35:in `call'
rack (2.0.7) lib/rack/etag.rb:25:in `call'
rack (2.0.7) lib/rack/conditional_get.rb:25:in `call'
rack (2.0.7) lib/rack/head.rb:12:in `call'
rack (2.0.7) lib/rack/session/abstract/id.rb:232:in `context'
rack (2.0.7) lib/rack/session/abstract/id.rb:226:in `call'
actionpack (5.0.6) lib/action_dispatch/middleware/cookies.rb:613:in `call'
activerecord (5.0.6) lib/active_record/migration.rb:553:in `call'
actionpack (5.0.6) lib/action_dispatch/middleware/callbacks.rb:38:in `block in call'
activesupport (5.0.6) lib/active_support/callbacks.rb:97:in `__run_callbacks__'
activesupport (5.0.6) lib/active_support/callbacks.rb:750:in `_run_call_callbacks'
activesupport (5.0.6) lib/active_support/callbacks.rb:90:in `run_callbacks'
actionpack (5.0.6) lib/action_dispatch/middleware/callbacks.rb:36:in `call'
actionpack (5.0.6) lib/action_dispatch/middleware/executor.rb:12:in `call'
actionpack (5.0.6) lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
rollbar (2.22.1) lib/rollbar/middleware/rails/rollbar.rb:25:in `block in call'
rollbar (2.22.1) lib/rollbar.rb:145:in `scoped'
rollbar (2.22.1) lib/rollbar/middleware/rails/rollbar.rb:22:in `call'
ddtrace (1.6.1) lib/datadog/tracing/contrib/rails/middlewares.rb:19:in `call'
actionpack (5.0.6) lib/action_dispatch/middleware/debug_exceptions.rb:49:in `call'
rollbar (2.22.1) lib/rollbar/middleware/rails/show_exceptions.rb:22:in `call_with_rollbar'
actionpack (5.0.6) lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
railties (5.0.6) lib/rails/rack/logger.rb:36:in `call_app'
railties (5.0.6) lib/rails/rack/logger.rb:24:in `block in call'
activesupport (5.0.6) lib/active_support/tagged_logging.rb:69:in `block in tagged'
activesupport (5.0.6) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (5.0.6) lib/active_support/tagged_logging.rb:69:in `tagged'
railties (5.0.6) lib/rails/rack/logger.rb:24:in `call'
sprockets-rails (3.2.1) lib/sprockets/rails/quiet_assets.rb:13:in `call'
request_store (1.5.1) lib/request_store/middleware.rb:19:in `call'
actionpack (5.0.6) lib/action_dispatch/middleware/request_id.rb:24:in `call'
rack (2.0.7) lib/rack/method_override.rb:22:in `call'
rack (2.0.7) lib/rack/runtime.rb:22:in `call'
activesupport (5.0.6) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
actionpack (5.0.6) lib/action_dispatch/middleware/executor.rb:12:in `call'
actionpack (5.0.6) lib/action_dispatch/middleware/static.rb:136:in `call'
rack (2.0.7) lib/rack/sendfile.rb:111:in `call'
actionpack (5.0.6) lib/action_dispatch/middleware/ssl.rb:84:in `call'
rack-cors (1.1.1) lib/rack/cors.rb:100:in `call'
ddtrace (1.6.1) lib/datadog/tracing/contrib/rack/middlewares.rb:87:in `call'
railties (5.0.6) lib/rails/engine.rb:522:in `call'
/home/ubuntu/.rvm/gems/ruby-2.3.1/gems/passenger-5.1.12/src/ruby_supportlib/phusion_passenger/rack/thread_handler_extension.rb:97:in `process_request'
/home/ubuntu/.rvm/gems/ruby-2.3.1/gems/passenger-5.1.12/src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:152:in `accept_and_process_next_request'
/home/ubuntu/.rvm/gems/ruby-2.3.1/gems/passenger-5.1.12/src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:113:in `main_loop'
/home/ubuntu/.rvm/gems/ruby-2.3.1/gems/passenger-5.1.12/src/ruby_supportlib/phusion_passenger/request_handler.rb:416:in `block (3 levels) in start_threads'
/home/ubuntu/.rvm/gems/ruby-2.3.1/gems/passenger-5.1.12/src/ruby_supportlib/phusion_passenger/utils.rb:113:in `block in create_thread_and_abort_on_exception'

Request

Parameters:

{"auction_type"=>"live", "event_id"=>"tkfgc-2022"}

Response

Headers:

None