Skip to content

ArgumentError: invalid base64 when update Rails v5.2.5

Steps to reproduce

When update rails v5.2.4.5 -> v5.2.5 in production env, Error occurs due to change of CSRF Token format from base64_strict to base64_urlsafe.

Error messages:

ArgumentError: invalid base64
File /usr/local/lib/ruby/2.6.0/base64.rb line 74 in unpack1
File /usr/local/lib/ruby/2.6.0/base64.rb line 74 in strict_decode64
File /var/www/app/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.5/lib/action_controller/metal/request_forgery_protection.rb line 406 in real_csrf_token
File /var/www/app/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.5/lib/action_controller/metal/request_forgery_protection.rb line 423 in csrf_token_hmac
File /var/www/app/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.5/lib/action_controller/metal/request_forgery_protection.rb line 417 in global_csrf_token
File /var/www/app/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.5/lib/action_controller/metal/request_forgery_protection.rb line 321 in masked_authenticity_token
File /var/www/app/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.5/lib/action_controller/metal/request_forgery_protection.rb line 308 in form_authenticity_token
File /var/www/app/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.5/lib/abstract_controller/helpers.rb line 67 in form_authenticity_token
File /var/www/app/vendor/bundle/ruby/2.6.0/gems/actionview-5.2.4.5/lib/action_view/helpers/csrf_helper.rb line 26 in csrf_meta_tags

Expected behavior

In rails v5.2.x or v6.0.x, CSRF Token format should use base64_strict. or as well as rails v6.1.x, it should switch to use base64_strict with option of action_controller.urlsafe_csrf_tokens in rails v5.2.x or v6.0.x

Because it couldn't switch CSRF Token format, error occurs when update rails v5.2.4.5 -> v5.2.5 And also, when update rails 5.2.5 -> 6.0.x, will be raise error again due to change of CSRF Token format from base64_urlsafe (rails v5.2.5) to base64_strict (rails v6.0.x).

Actual behavior

In rails v5.2.4.5 or previous versions: CSRF Token format use base64_strict. In rails v5.2.5: CSRF Token format use base64_urlsafe. In rails v6.0.x, CSRF Token format use base64_strict. In rails v6.1.x, CSRF Token format use base64_urlsafe by defalut, and it can switch to use base64_strict with option of action_controller.urlsafe_csrf_tokens

System configuration

Rails version: 5.2.5 Ruby version: 2.7.2