Ruby-on-rails Rails 5 ActionController::InvalidAuthenticityToken 错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/38331496/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Rails 5 ActionController::InvalidAuthenticityToken error
提问by HSD
I have a rails application which I am planning to upgrade to rails 5. I am using devise(v4.2.0) along with rails(v5.0.0). As suggested in devise README.md file, I tried moving the protect_from_forgery above the before_filter but still when I am trying to login or update my bug I get an error ActionController::InvalidAuthenticityToken
我有一个 rails 应用程序,我打算升级到 rails 5。我正在使用 devise(v4.2.0) 和 rails(v5.0.0)。正如设计 README.md 文件中所建议的那样,我尝试将protect_from_forgery 移到before_filter 之上,但是当我尝试登录或更新我的错误时,我仍然收到错误消息ActionController::InvalidAuthenticityToken
My Application Controlleris
我的Application Controller是
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception, prepend: true
before_action :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
devise_parameter_sanitizer.permit(:account_update, keys: [:name])
end
end
And my other BugControlleris
而我的另一个BugController是
class BugsController < ApplicationController
protect_from_forgery prepend: true, with: :exception
before_action :authenticate_user!
before_action :set_bug, only: [:show, :edit, :update]
def update
respond_to do |format|
if @bug.update(bug_params)
format.html { redirect_to @bug, notice: 'Bug was successfully updated.' }
format.json { render :show, status: :ok, location: @bug }
else
format.html { render :edit }
format.json { render json: @bug.errors, status: :unprocessable_entity }
end
end
end
private
def bug_params
params.require(:bug).permit(:product, :component, :title, :description, :status_id, :created_by_id, :assigned_to_id)
end
end
采纳答案by Boltz0r
Note: While this answer has the desired effect, it does so by reducing overall security. The below answer by Alon is more correct and maintains the security of the site.
注意:虽然此答案具有预期效果,但它通过降低整体安全性来实现。以下 Alon 的回答更正确,并维护了网站的安全。
class BugsController < ApplicationController
skip_before_filter :verify_authenticity_token
protect_from_forgery prepend: true, with: :exception
before_action :authenticate_user!
before_action :set_bug, only: [:show, :edit, :update]
end
Like This
像这样
回答by Alon Burg
As indicated in Devise documentationnotes for Rails 5
如Rails 5 的设计文档说明中所示
For Rails 5, note that
protect_from_forgeryis no longer prepended to thebefore_actionchain, so if you have setauthenticate_userbeforeprotect_from_forgery, your request will result in "Can't verify CSRF token authenticity." To resolve this, either change the order in which you call them, or useprotect_from_forgery prepend: true.
为Rails 5,注意
protect_from_forgery不再前置到before_action链,因此,如果您已设置authenticate_user之前protect_from_forgery,您的要求将导致“无法验证CSRF令牌的真实性。” 要解决此问题,请更改您调用它们的顺序,或使用protect_from_forgery prepend: true.
回答by fuzzygroup
I recently hit this in a fairly large way and I found that my error was my application's domain name had recently changed but I forgot to update session_store.rb. That may not be everyone's issue but it will report this as a CSRF error. So please check out config/session_store.rb
我最近以相当大的方式遇到了这个问题,我发现我的错误是我的应用程序的域名最近发生了变化,但我忘记更新 session_store.rb。这可能不是每个人的问题,但它会将此报告为 CSRF 错误。所以请查看 config/session_store.rb
回答by Yashu Mittal
I have used something like this and it works for me.
我用过这样的东西,它对我有用。
class WelcomeController < ActionController::Base
protect_from_forgery with: :exception
before_action :authenticate_model!
end
回答by Vitaliy LiBrus
This decision helped me. I took the decision [from here] [1]. just as for me, the unfortunate name of that topic, using the keywords of error I didn't get there, so I'll give in this thread, because here is the exact name of the error.
in my case, I "added" the following line to the application_controller.rbfile:
这个决定帮助了我。我做出了决定[从这里] [1]。就我而言,该主题的不幸名称,使用错误的关键字我没有到达那里,所以我将在此线程中给出,因为这是错误的确切名称。就我而言,我在application_controller.rb文件中“添加”了以下行:
protect_from_forgery with:: null_session
there is a solution where it says "REPLACE" line protect_from_forgery with:: exception, if it exists, to the one I quoted above
有一个解决方案,上面写着“REPLACE”行protect_from_forgery with:: exception,如果存在的话,我上面引用的那个
?? [1]: Rails 4 Authenticity Token
?? [1]:Rails 4 真实性令牌
