Rails 身份验证令牌和 Ajax
好吧,根据我在其他网站和堆栈溢出上读到的内容,Rails 会抛出此身份验证令牌错误,因为我的表单未传递令牌 - 这是一项安全功能。 这我明白了。
但我确实没有表格。 我这里有 ajax ——我的 javascript 将 id'ed 信息发布到处理函数中。
所以我的问题是,如何将身份验证令牌发送到我的控制器?
我的视图如下所示:
<% for transaction in @transactions %>
<% if transaction["category"] == '' %>
<% transaction["category"] = "Uncategorized" %>
<% end %>
<tr title = "<% if params[:type] %><%= params[:type] %><% else %>Purchases<% end %> <%= transaction["id"] %>" >
<td class="check"><a class="help" href="#"><img src="/images/icons/help.png" alt="?" /></a><input type="checkbox" /></td>
<td class="date"><% if transaction["date"] != "0000-00-00 00:00:00" %><%= transaction["date"].to_date.strftime("%B %d") %><% end %></td>
<% if params[:type] == "Bills" || params[:type] == "Reimbursements" %>
<td class="payee"><%= transaction["payee"] %></td>
<td class="details"><%= transaction["details"] %></td>
<% else %>
<td class="description"><% if transaction["detail"] == "undefined" %>n/a<% else %><%= transaction["detail"] %><% end %></td>
<td class="category">n/a</td>
<% end %>
<td class="amount">-$<%= transaction["amount"] %></td>
</tr>
<% end %>
相应的ajax如下:
/* send ids by ajax */
$('#tableActions li a').click(function() {
if(!$(this).hasClass('disabled')) {
action = $(this).text();
ids = new Array();
i = 0;
$('td.check input','#tableHolder').each(function() { if($(this).attr('checked')) { ids[i++] = $(this).parents('tr').attr('title'); } });
$.ajax({
type: "POST",
url: "/bulkaction",
data: "=" + action + "&ids=" + ids + "&authenticity_token=" + encodeURIComponent(AUTH_TOKEN),
success: function(data){
$('#tableHolder').html(data);
/* bring back all functionality */
initTable();
/* set default sorting by date desc */
$('th').removeClass('sortUp sortDown');
$('th:eq(1)').addClass('sortDown');
/* disable all actions */
$('#tableActions li a').addClass('disabled');
}
});
}
return false;
});
我在控制器中的处理逻辑如下所示
def bulkaction
if request.post?
ids = params[:ids]
#Need to create a function here to parse out my string
puts ids #for testing purposes, just put my ids onto the console
end
puts "This function was accessed and ran."
end
最后控制台说
Processing UserController#bulkaction (for ::ffff:xx.xxx.xxx.xxx at 2009-07-06 23 :29:49) [POST]
Parameters: {"ids"=>"Purchases 10040963"}
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticit yToken):
/usr/local/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
/usr/local/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
/usr/local/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
/usr/local/lib/ruby/1.8/webrick/server.rb:162:in `start'
/usr/local/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
/usr/local/lib/ruby/1.8/webrick/server.rb:95:in `start'
/usr/local/lib/ruby/1.8/webrick/server.rb:92:in `each'
/usr/local/lib/ruby/1.8/webrick/server.rb:92:in `start'
/usr/local/lib/ruby/1.8/webrick/server.rb:23:in `start'
/usr/local/lib/ruby/1.8/webrick/server.rb:82:in `start'
如果有人能够告诉我哪里出了问题,那将非常有帮助。
Okay so from what I've read on other websites and on stack overflow, Rails throws this Authentication token error because my form doesn't pass the token -- and it's a security feature. This I understand.
However I don't really have a form. I have ajax here -- my javascript posts the id'ed information into a processing function.
So my question is, how do I get the authentication token to my controller?
My view looks like this:
<% for transaction in @transactions %>
<% if transaction["category"] == '' %>
<% transaction["category"] = "Uncategorized" %>
<% end %>
<tr title = "<% if params[:type] %><%= params[:type] %><% else %>Purchases<% end %> <%= transaction["id"] %>" >
<td class="check"><a class="help" href="#"><img src="/images/icons/help.png" alt="?" /></a><input type="checkbox" /></td>
<td class="date"><% if transaction["date"] != "0000-00-00 00:00:00" %><%= transaction["date"].to_date.strftime("%B %d") %><% end %></td>
<% if params[:type] == "Bills" || params[:type] == "Reimbursements" %>
<td class="payee"><%= transaction["payee"] %></td>
<td class="details"><%= transaction["details"] %></td>
<% else %>
<td class="description"><% if transaction["detail"] == "undefined" %>n/a<% else %><%= transaction["detail"] %><% end %></td>
<td class="category">n/a</td>
<% end %>
<td class="amount">-lt;%= transaction["amount"] %></td>
</tr>
<% end %>
The corresponding ajax is as follows:
/* send ids by ajax */
$('#tableActions li a').click(function() {
if(!$(this).hasClass('disabled')) {
action = $(this).text();
ids = new Array();
i = 0;
$('td.check input','#tableHolder').each(function() { if($(this).attr('checked')) { ids[i++] = $(this).parents('tr').attr('title'); } });
$.ajax({
type: "POST",
url: "/bulkaction",
data: "=" + action + "&ids=" + ids + "&authenticity_token=" + encodeURIComponent(AUTH_TOKEN),
success: function(data){
$('#tableHolder').html(data);
/* bring back all functionality */
initTable();
/* set default sorting by date desc */
$('th').removeClass('sortUp sortDown');
$('th:eq(1)').addClass('sortDown');
/* disable all actions */
$('#tableActions li a').addClass('disabled');
}
});
}
return false;
});
My processing logic in the controller looks like
def bulkaction
if request.post?
ids = params[:ids]
#Need to create a function here to parse out my string
puts ids #for testing purposes, just put my ids onto the console
end
puts "This function was accessed and ran."
end
And finally the console says
Processing UserController#bulkaction (for ::ffff:xx.xxx.xxx.xxx at 2009-07-06 23 :29:49) [POST]
Parameters: {"ids"=>"Purchases 10040963"}
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticit yToken):
/usr/local/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
/usr/local/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
/usr/local/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
/usr/local/lib/ruby/1.8/webrick/server.rb:162:in `start'
/usr/local/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
/usr/local/lib/ruby/1.8/webrick/server.rb:95:in `start'
/usr/local/lib/ruby/1.8/webrick/server.rb:92:in `each'
/usr/local/lib/ruby/1.8/webrick/server.rb:92:in `start'
/usr/local/lib/ruby/1.8/webrick/server.rb:23:in `start'
/usr/local/lib/ruby/1.8/webrick/server.rb:82:in `start'
It would be very helpful if someone were able to tell me where I was going wrong.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
解决了! 将 ajax 更改为
我添加到每个页面的头部
Solved! changed the ajax to
And I added to the head for each page
如果您使用 jQuery,此技术效果很好。
http://henrik.nyh.se/2008/05/rails -authenticity-token-with-jquery
This technique works well if you are using jQuery.
http://henrik.nyh.se/2008/05/rails-authenticity-token-with-jquery
henrik.nyh.se 网站似乎已关闭。 该版本还包含一个错误,该错误将 get 请求变成了 Internet Explorer 的 post 请求。 此修复版本来自: http://www.justinball.com/2009/07/08/jquery-ajax-get-in-firefox-post-in-internet-explorer/
The site henrik.nyh.se seems to be down. The version there also contains an error which turns the get request into a post request with Internet Explorer. This fixed version is from: http://www.justinball.com/2009/07/08/jquery-ajax-get-in-firefox-post-in-internet-explorer/