尝试在Rails 3中呈现表单时，在request_forgery_protection中为nil。[] [英] nil.[] in request_forgery_protection when trying to render a form in rails 3

问题描述

每当我尝试向其添加form_tag时，Rails都会在页面上抛出NoMethodError，并给出以下错误输出和堆栈跟踪：

 没有想到的时候您有一个nil对象！ 
您可能期望使用Array的实例。 
评估为nil时发生错误。[] 
 
 ruby​​ / 1.9.1 / gems / actionpack-3.0.5 / lib / action_controller / metal / request_forgery_protection.rb：114：in`form_authenticity_token '
 ruby​​ / 1.9.1 / gems / actionpack-3.0.5 / lib / abstract_controller / helpers.rb：55：在`form_authenticity_token'中
 ruby​​ / 1.9.1 / gems / actionpack-3.0.5 /lib/action_view/helpers/form_tag_helper.rb:582:in`token_tag'
 ruby​​ / 1.9.1 / gems / actionpack-3.0.5 / lib / action_view / helpers / form_tag_helper.rb：555：inʻextra_tags_for_form '
 ruby​​ / 1.9.1 / gems / actionpack-3.0.5 / lib / action_view / helpers / form_tag_helper.rb：566：在`form_tag_html'中
 ruby​​ / 1.9.1 / gems / actionpack-3.0 .5 / lib / action_view / helpers / form_tag_helper.rb：573：在`form_tag_in_block'
 ruby​​ / 1.9.1 / gems / actionpack-3.0.5 / lib / action_view / helpers / form_tag_helper.rb：52：in `form_tag'
 app / views / teams / new.html.erb：1：in`_app_views_teams_new_html_erb__114968057028112192_2181733580__2538292988913059192'
  

堆栈跟踪还有更多t的相关部分是它是由被调用的form_tag触发的，并导致进入request_forgery_protection。

当我从页面中删除form_tag时，错误仍然存​​在但现在它是由我的应用程序布局中的
<％= csrf_meta_tag％>触发的。

在这种情况下，跟踪也指向控制器中request_forgery_protection方法中的同一行

  ruby​​ / 1.9.1 / gems / actionpack-3.0.5 / lib / action_controller / metal / request_forgery_protection.rb：114：在`form_authenticity_token'
 ruby​​ / 1.9.1 / gems / actionpack中-3.0.5 / lib / abstract_controller / helpers.rb：55：in`form_authenticity_token'
 ruby​​ / 1.9.1 / gems / actionpack-3.0.5 / lib / action_view / helpers / csrf_helper.rb：9：in `csrf_meta_tag'
 app / views / layouts / application.html.erb：5：in`_app_views_layouts_application_html_erb___1820392644171111615_2183801660__2538292988913059192'
  

我尝试在ApplicationController中注释掉 protect_from_forgery，但这无济于事。而且我还尝试注释掉了csrf_meta_tag，当我注释掉并移除form_tag时，它可以呈现动作。

要调试此功能，试图使我的观点成为最基本的观点：

 < div> 
< h1>这是标题< / h1> 
 
<％= form_tag do％> 
表单内容
<％end％> 
< / div> 
  

我的控制器如下：

 类TeamsController< ApplicationController 
 before_filter：authenticate_user！ 
 check_authorization 
 load_and_authorize_resource 
 
 def new 
 @team = Team.new 
 end 
 end 
  

我要使用的相关宝石是：Devise，Cancan和Rails 3.0.5

编辑：我的会话转储如下-

  _csrf_token： iZRWhye / WBrzjWbKreJVIRpfTbfpbSaaJu3fMiW3wEg = 
 flash： {：notice =>已成功登录。} 
 session_id： 85fc7d152a17ca884f5b29​​9f4cde926b 
 warden.user.user.key：[ User，[1]， $ 2a $ 10 $ KC66DL1T。 71ERw4d4VHVq。] 
 warden.user.user.session：{ last_request_at => 2011-08-02 22:03:57 UTC} 
  

解决方案

将其放在您的视图中并粘贴输出：

 < pre> 
<％= method（：session）％> 
<％= instance_variable_get（：@ controller）.method（：session）％> 
<％= instance_variable_get（：@ controller）.instance_variable_get（：@_ request）.session.inspect％> 
< / pre> 
  

如果您的控制器名为HomeController，您将看到类似以下内容：

 ＃<方法：＃< Class：0x1cc12fc>（ActionView :: Base）＃session> 
＃<方法：HomeController（ActionController :: Metal）＃session> 
 { _csrf_token => R4KKC1hDCzY5hUcIks1xIUonEpywlhjKqjJS7J1gCOk =， session_id => 886b4f181bdc955250424858f45887ad} 
  $$$ $ b 
某些事情可能在委托链中的某个时刻重新定义了会话方法。
 
Rails throws a NoMethodError on a page whenever I try to add a form_tag to it, and gives the following error output and stack trace:
You have a nil object when you didn't expect it!
You might have expected an instance of Array.
The error occurred while evaluating nil.[]

ruby/1.9.1/gems/actionpack-3.0.5/lib/action_controller/metal/request_forgery_protection.rb:114:in `form_authenticity_token'
ruby/1.9.1/gems/actionpack-3.0.5/lib/abstract_controller/helpers.rb:55:in `form_authenticity_token'
ruby/1.9.1/gems/actionpack-3.0.5/lib/action_view/helpers/form_tag_helper.rb:582:in `token_tag'
ruby/1.9.1/gems/actionpack-3.0.5/lib/action_view/helpers/form_tag_helper.rb:555:in `extra_tags_for_form'
ruby/1.9.1/gems/actionpack-3.0.5/lib/action_view/helpers/form_tag_helper.rb:566:in `form_tag_html'
ruby/1.9.1/gems/actionpack-3.0.5/lib/action_view/helpers/form_tag_helper.rb:573:in `form_tag_in_block'
ruby/1.9.1/gems/actionpack-3.0.5/lib/action_view/helpers/form_tag_helper.rb:52:in `form_tag'
app/views/teams/new.html.erb:1:in `_app_views_teams_new_html_erb__114968057028112192_2181733580__2538292988913059192'
There's more to the stack trace, but the relevant portions are that it is being triggered from the form_tag being called and that it leads into a request_forgery_protection.

When I remove the form_tag from the page, the error persists but now it gets triggered from the 
<%= csrf_meta_tag %> in my application layout.  

The trace in this case also points to the same line in the request_forgery_protection method in the controller
ruby/1.9.1/gems/actionpack-3.0.5/lib/action_controller/metal/request_forgery_protection.rb:114:in `form_authenticity_token'
ruby/1.9.1/gems/actionpack-3.0.5/lib/abstract_controller/helpers.rb:55:in `form_authenticity_token'
ruby/1.9.1/gems/actionpack-3.0.5/lib/action_view/helpers/csrf_helper.rb:9:in `csrf_meta_tag'
app/views/layouts/application.html.erb:5:in `_app_views_layouts_application_html_erb___1820392644171111615_2183801660__2538292988913059192'
I've tried commenting out "protect_from_forgery" in my ApplicationController, but that does nothing.  And I've also tried commenting out the csrf_meta_tag, which when I comment out in combination with removing the form_tag allows the action to render.

To debug this, I've tried to make my view the most basic possible: 
<div>
<h1>This is a Header</h1>

<%= form_tag do %>
  Form contents
<% end %>
</div>
And my controller is as follows:
class TeamsController < ApplicationController
  before_filter :authenticate_user!
  check_authorization
  load_and_authorize_resource

  def new
    @team = Team.new
  end
end
Relevant gems I'm trying to use are: Devise, Cancan, and Rails 3.0.5

Edit:  My session dump is as follows -
_csrf_token: "iZRWhye/WBrzjWbKreJVIRpfTbfpbSaaJu3fMiW3wEg="
flash: {:notice=>"Signed in successfully."}
session_id: "85fc7d152a17ca884f5b299f4cde926b"
warden.user.user.key: ["User", [1], "$2a$10$KC66DL1T.71ERw4d4VHVq."]
warden.user.user.session: {"last_request_at"=>2011-08-02 22:03:57 UTC}

解决方案
Put this in your view and paste the output:
<pre>
<%= method(:session)  %>
<%= instance_variable_get(:@controller).method(:session) %>
<%= instance_variable_get(:@controller).instance_variable_get(:@_request).session.inspect %>
</pre>
If your controller is called HomeController, you'll see something like this:
#<Method: #<Class:0x1cc12fc>(ActionView::Base)#session>
#<Method: HomeController(ActionController::Metal)#session>
{"_csrf_token"=>"R4KKC1hDCzY5hUcIks1xIUonEpywlhjKqjJS7J1gCOk=", "session_id"=>"886b4f181bdc955250424858f45887ad"}
Something might be re-defining the session method at some point in the delegation chain.

                        
这篇关于尝试在Rails 3中呈现表单时，在request_forgery_protection中为nil。[]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！