Ruby on Rails 4 - Ember-Simple-Auth: Can't verify CSRF token authenticity even when X-CSRF-Token is in header
I know there are tons of questions on this topic, but I haven't found what's causing my problem.
Problem
I get a message on the Rails server, "Can't verify CSRF token authenticity", when I can see in Chrome that the header is present (as shown in the picture).
My setup
- Rails 4.2 backend RESTful API
- Ember.js 1.11.3 frontend
- Devise
- ember-simple-auth
I followed these instructions on how to set up ember-simple-auth-devise, which uses authentication via token. I did the same with one exception: instead of putting the next code inside ApplicationController, I defined an ApiController class in an effort to separate the API logic from the rest of the site.

    class ApiController < ActionController::Base
      protect_from_forgery with: :null_session
      before_action :authenticate_user_from_token!

      # I had to comment this line out in order
      # to make authentication work
      # before_filter :authenticate_user!

      protected

      # Whitelist the extra Devise parameters for sign-up and account update.
      def configure_permitted_parameters
        devise_parameter_sanitizer.for(:sign_up) do |u|
          u.permit(:username, :first_name, :last_name, :email,
                   :password, :password_confirmation)
        end
        devise_parameter_sanitizer.for(:account_update) do |u|
          u.permit(:username, :first_name, :last_name, :email,
                   :password, :current_password)
        end
      end

      private

      # Look the user up by the e-mail sent with the token, then compare the
      # stored token and the presented token in constant time.
      def authenticate_user_from_token!
        authenticate_with_http_token do |token, options|
          user_email = options[:email].presence
          user = user_email && User.find_by_email(user_email)
          if user && Devise.secure_compare(user.authentication_token, token)
            sign_in user, store: false
          end
        end
      end
    end
Please note that I had to comment before_filter :authenticate_user! out to make authentication work. With that line, requests get 401 Unauthorized.
I hope someone can give me insight on:
- Why am I getting "Can't verify CSRF token authenticity" when X-CSRF-Token is in the header?
- Why is it important/necessary to keep the line I commented out from the example instructions?
Thanks in advance.
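Added example, not part of the original post and not Rails source code: a simplified Ruby model of the masked-token comparison that Rails 4.2 applies to the X-CSRF-Token header, showing that the header value only verifies against the session carried by the same request. The method names and the plain Hash standing in for the session are assumptions made for illustration.

```ruby
require 'securerandom'
require 'base64'

TOKEN_LENGTH = 32 # bytes in the real (unmasked) token

# XOR two equal-length byte strings.
def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# Constant-time comparison, so timing does not reveal how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Token as handed to the client: a fresh one-time pad, then pad XOR real token.
def masked_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(TOKEN_LENGTH)
  real = Base64.strict_decode64(session[:_csrf_token])
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  Base64.strict_encode64(pad + xor_bytes(pad, real))
end

# Check a header value against the session that arrived with *this* request.
# Simplification: a session without a token fails immediately.
def valid_csrf_header?(session, header_value)
  return false if header_value.nil? || session[:_csrf_token].nil?
  raw = Base64.strict_decode64(header_value)
  real = Base64.strict_decode64(session[:_csrf_token])
  case raw.bytesize
  when TOKEN_LENGTH # unmasked token
    secure_compare(raw, real)
  when TOKEN_LENGTH * 2 # masked token: strip the pad first
    pad = raw[0, TOKEN_LENGTH]
    secure_compare(xor_bytes(pad, raw[TOKEN_LENGTH, TOKEN_LENGTH]), real)
  else
    false
  end
rescue ArgumentError # header value was not valid base64
  false
end
```

In this model a header that is present still fails whenever the request arrives with a different session, or with none, than the one the token was issued for.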