使跨站请求伪造令牌在 Rails 中存活更长时间
在我制作的应用程序中,我收到了很多这样的消息:
A ActionController::InvalidAuthenticityToken occurred in items#vote_up:
ActionController::InvalidAuthenticityToken
/var/lib/gems/1.8/gems/actionpack-2.3.4/lib/action_controller/request_forgery_protection.rb:79:in `verify_authenticity_token'
我怀疑它的发生是因为人们在该页面上花费了大量时间而没有刷新它(它使用ajax)并且令牌过期了。
有没有办法让这些代币寿命更长?
In an application I make I'm getting lots of these messages:
A ActionController::InvalidAuthenticityToken occurred in items#vote_up:
ActionController::InvalidAuthenticityToken
/var/lib/gems/1.8/gems/actionpack-2.3.4/lib/action_controller/request_forgery_protection.rb:79:in `verify_authenticity_token'
which I suspect it's happening because people spend a lot of time on that page without ever refreshing it (it uses ajax) and the tokens expire.
Is there a way to make those tokens live longer?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
没有理由说明时间限制会导致此异常。当请求中收到的伪造保护令牌与应有的不同时,会导致
ActionController::InvalidAuthenticityToken异常。您可以将以下代码添加到 JavaScript 中,以添加正确的伪造保护令牌:
这样,您的令牌将是正确的。
There is no reason why a time limit would be causing this exception. The exception
ActionController::InvalidAuthenticityTokenis caused when the forgery protection token received in the request is different from what it should be.Here is some code that you can add to your JavaScript to add in the correct forgery protection token:
This way, your token will be correct.