收到警告:从 Rails 3.0.2 升级到 3.1 后无法验证 CSRF 令牌的真实性
搜索了一段时间,常见的解决方案是插入 <%= csrf_meta_tags %>布局标题。然而,这没有什么区别。 没有帮助
安装 jquery-rails 对Rails 3.1.0 红宝石 1.9.2 Mongoid 2.2.0
进入 3.1 后另一个奇怪的事情是,当我通过 rake 路由检查路由时,有一些 url 助手未指定的 url,例如 GET、PUT 和 DELETE 具有相同的 url,但只有第一个猫可以通过帮助程序定义的 url。
edit_message GET /:permalink/messages/:id/edit(.:format){:action=>"edit", :controller=>"messages"}
消息 GET /:permalink/messages/:id(.:format ) ){:action=>"显示", :controller=>"消息"}
PUT /:permalink/messages/:id(.:format) {:action=>"update", :controller=>"messages"}
DELETE /:permalink/messages/:id(.:format) {:action=>"destroy", :controller=>"messages"}
Searched around for a while, the common solution to it is to insert <%= csrf_meta_tags %> to layout header. However, it makes no difference. Installing jquery-rails doesn't help either
Rails 3.1.0
Ruby 1.9.2
Mongoid 2.2.0
Another weird thing after coming to 3.1 is that when I check routes by rake routes, there are some urls not specified by url helpers, like GET, PUT and DELETE have the same url but only the first one cat be reached by helper defined url.
edit_message GET /:permalink/messages/:id/edit(.:format){:action=>"edit", :controller=>"messages"}
message GET /:permalink/messages/:id(.:format){:action=>"show", :controller=>"messages"}
PUT /:permalink/messages/:id(.:format) {:action=>"update", :controller=>"messages"}
DELETE /:permalink/messages/:id(.:format) {:action=>"destroy", :controller=>"messages"}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
问题的前半部分是通过向每个ajax请求添加令牌来解决的。因为从 Rails 3.0.4 开始(如果我记得的话),如果您将 protected_from_forgery 放入应用程序控制器中,Rails 要求每个 ajax 请求都携带真实性令牌。
The first half part of the question was solved by adding token to each ajax request. Because starting with Rails 3.0.4 (if I remember), Rails requires each ajax request to carry with authenticity token if you put protect_from_forgery in your application controller.