Rails 5 ActionController::InvalidAuthenticityToken 错误 [英] Rails 5 ActionController::InvalidAuthenticityToken error

问题描述

我有一个 rails 应用程序，我打算升级到 rails 5.我正在使用 devise(v4.2.0) 和 rails(v5.0.0).正如设计 README.md 文件中所建议的那样，我尝试将protect_from_forgery 移动到before_filter 之上，但是当我尝试登录或更新我的错误时，我仍然收到错误ActionController::InvalidAuthenticityToken

I have a rails application which I am planning to upgrade to rails 5. I am using devise(v4.2.0) along with rails(v5.0.0). As suggested in devise README.md file, I tried moving the protect_from_forgery above the before_filter but still when I am trying to login or update my bug I get an error ActionController::InvalidAuthenticityToken

我的应用程序控制器是

class ApplicationController < ActionController::Base
 protect_from_forgery with: :exception, prepend: true
 before_action :configure_permitted_parameters, if: :devise_controller?

  protected

   def configure_permitted_parameters
     devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
     devise_parameter_sanitizer.permit(:account_update, keys: [:name])
   end

end

而我的另一个 BugController 是

class BugsController < ApplicationController
  protect_from_forgery prepend: true, with: :exception
  before_action :authenticate_user!
  before_action :set_bug, only: [:show, :edit, :update]

    def update
      respond_to do |format|
      if @bug.update(bug_params)
        format.html { redirect_to @bug, notice: 'Bug was successfully updated.' }
        format.json { render :show, status: :ok, location: @bug }
     else
        format.html { render :edit }
        format.json { render json: @bug.errors, status: :unprocessable_entity }
     end
     end
   end

private
def bug_params
  params.require(:bug).permit(:product, :component, :title, :description, :status_id, :created_by_id, :assigned_to_id)
end


end

推荐答案

注意:虽然此答案具有预期效果，但它降低了整体安全性.以下 Alon 的回答更正确，并维护了网站的安全.

Note: While this answer has the desired effect, it does so by reducing overall security. The below answer by Alon is more correct and maintains the security of the site.

class BugsController < ApplicationController
skip_before_filter :verify_authenticity_token
protect_from_forgery prepend: true, with: :exception
before_action :authenticate_user!
before_action :set_bug, only: [:show, :edit, :update]
end

喜欢这个

这篇关于Rails 5 ActionController::InvalidAuthenticityToken 错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！