使用真实性令牌完成POST请求，但仍然引发异常 [英] POST request done with Authenticity Token, but exception still rased

问题描述

我的控制器正在响应js GET请求，并且在我的js.erb文件中，我使用用户浏览器的Fingerprint2生成的浏览器数据进行报告.由于数据字符串较大，因此可以通过POST请求完成此操作，因此我插入了一个beforeSend方法来添加真实性令牌.

My controller is responding to a js GET request, and in my js.erb file I am reporting back with the Fingerprint2 generated browser data of the users browser. This is done with a POST request, because of the large data string, so I have inserted a beforeSend method that adds the Authenticity Token.

但是，这被ActionController::InvalidAuthenticityToken - ActionController::InvalidAuthenticityToken拒绝.当我检查时，标头看起来就像在成功的GET请求中一样:

However, this is rejected with ActionController::InvalidAuthenticityToken - ActionController::InvalidAuthenticityToken. When I check, the header looks like it does in the GET requests that succeed:

X-CSRF-Token:hl/TgkY7k0yBG03KX9IBrsDhk2K4tUUh8JTooT7A0yYZ0l53p8lTt0F3dZvRwyS3bIkbbkuTdElP2KisozjXjw==

js代码如下:

(new Fingerprint2).get(function(fingerprint, components) {
  return $.ajax({
    url: "/user_browser",
    type: "post",
    beforeSend: function(xhr) {
      xhr.setRequestHeader('X-CSRF-Token',
      $('meta[name="csrf-token"]').attr('content'))
    },
    data: {
      some_id: '123',
      components: JSON.stringify(components),
      fingerprint: fingerprint
    },
    dataType: "json"
  }).success(function(data) {});
});

推荐答案

我找到了问题的根源.几天前，我从以下位置更改了config/session_store.rb:

I found the root of the problem. Some days ago I changed my config/session_store.rb from:

MyApp::Application.config.session_store :cookie_store, key: '_my-app_session'

收件人:

MyApp::Application.config.session_store :disabled

当我改回去时，问题消失了.

When I changed this back the problem disappeared.

这篇关于使用真实性令牌完成POST请求，但仍然引发异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！