即使请求标头中包含正确的 x-csrf-token,也不要在 Ajax 帖子上设置 current_user [英] Devise not setting current_user on Ajax post even though correct x-csrf-token is included in request header
问题描述
使用:导轨 3.0.7设计 1.4.5jquery-rails 1.0.14
Using: Rails 3.0.7 Devise 1.4.5 jquery-rails 1.0.14
当通过 ajax 发布数据时,Devise 没有设置 current_donor.
When posting data via ajax, Devise is not setting current_donor.
我的请求标头如下所示:
My request header looks like this:
Host localhost:3000
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko/20100101 Firefox/6.0
Accept */*
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip, deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection keep-alive
Content-Type application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With XMLHttpRequest
x-csrf-token UFhqJrlOA1c1sAPeUTtV/ABcq5IeqkfA842ORcIWwks=
在关联的控制器操作中,查看会话值,我发现以下内容:
Within the associated controller action, looking at the session values, I find the following:
{"_csrf_token"=>"UFhqJrlOA1c1sAPeUTtV/ABcq5IeqkfA842ORcIWwks=", "warden.user.donor.key"=>["Donor", [485], "$2a$10$OtkItrzVhN4Ussnqy5k1Au"], "session_id"=>"e6693e22275385a58e0915538791ea49"}
这将向我表明 csrf_token 与预期值匹配.然而,current_donor 仍然为零.
This would indicate to me that the csrf_token matches the expected value. Yet, current_donor remains nil.
我已经阅读了几篇关于此的帖子,确实,一开始,csrf_meta_tag 方法不在我的布局中,并且没有设置 csrf 标记.
I have read through several of the posts on this, and indeed, at the outset, the csrf_meta_tag method was not in my layout, and the csrf token was not being set.
然而,情况不再如此,csrf 令牌正在设置,但我仍然没有得到 current_donor 值.
However, that is no longer the case, the csrf token is being set, and yet I am still getting no current_donor value.
当我发出 ajax get 请求时,current_donor 设置正确.
When I make ajax get requests, current_donor is being set properly.
您对我应该在哪里查看的任何建议将不胜感激.
Any advice you have on where else I should look would be greatly appreciated.
最好的,汤姆
推荐答案
我以前也遇到过同样的问题.我通过包含 csrf_token 解决了这个问题
I had the same problem before. I solved it by including csrf_token as below
$.ajax({
type: "GET",
url: url,
data: params ,
beforeSend: function(jqXHR, settings) {
jqXHR.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'));
},
error: function(){
alert("An error ocurred");
},
success: function(){
}
});
这篇关于即使请求标头中包含正确的 x-csrf-token,也不要在 Ajax 帖子上设置 current_user的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!