ruby 警告:在 API 开发的情况下无法验证 CSRF 令牌的真实性
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15040964/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
WARNING: Can't verify CSRF token authenticity in case of API development
提问by gipcompany
I am right now developing web APIswith Ruby on Rails. When the Rails app receives POST request without any csrf token, the following error message shall happen. Because the app has no views.
我现在正在使用 Ruby on Rails开发 Web API。当 Rails 应用程序收到没有任何 csrf 令牌的 POST 请求时,将出现以下错误消息。因为该应用程序没有视图。
WARNING: Can't verify CSRF token authenticity
So my question is how can I escape csrf token check safely in this case?
所以我的问题是在这种情况下如何安全地逃避 csrf 令牌检查?
Thank you very much in advance.
非常感谢您提前。
回答by Kush Kella
You can do this by adding
您可以通过添加来做到这一点
skip_before_filter :verify_authenticity_token
to your controller. This way all incoming requests to the controller skips the :verify_authenticity_token filter.
到您的控制器。这样,所有传入控制器的请求都会跳过 :verify_authenticity_token 过滤器。
回答by Bryan Dimas
For rails 4 it should be
对于导轨 4,它应该是
skip_before_action :verify_authenticity_token, only: [:one_or_two_actions_here]
Note that you should avoid skipping verify_authenticity_token on all actions of your controller, instead use the option onlyto skip only where you have to. See the docs
请注意,您应该避免在控制器的所有操作上跳过 verify_authenticity_token,而是使用该选项only仅在您必须跳过的地方跳过。查看文档
