设计不是阿贾克斯岗位设置CURRENT_USER即使正确X-CSRF令牌包含在请求头 [英] Devise not setting current_user on Ajax post even though correct x-csrf-token is included in request header

问题描述

使用： Rails的3.0.7 制定1.4.5 jQuery的护栏1.0.14

Using: Rails 3.0.7 Devise 1.4.5 jquery-rails 1.0.14

在通过AJAX发布数据，制定不设置current_donor。

When posting data via ajax, Devise is not setting current_donor.

我的请求标题是这样的：

My request header looks like this:

Host    localhost:3000
User-Agent  Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko/20100101     Firefox/6.0
Accept  */*
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip, deflate
Accept-Charset  ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection  keep-alive
Content-Type    application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With    XMLHttpRequest
x-csrf-token    UFhqJrlOA1c1sAPeUTtV/ABcq5IeqkfA842ORcIWwks=

在相关的控制器动作，看着会话值，我发现了以下内容：

Within the associated controller action, looking at the session values, I find the following:

{"_csrf_token"=>"UFhqJrlOA1c1sAPeUTtV/ABcq5IeqkfA842ORcIWwks=", "warden.user.donor.key"=>["Donor", [485], "$2a$10$OtkItrzVhN4Ussnqy5k1Au"], "session_id"=>"e6693e22275385a58e0915538791ea49"}

这将表明对我来说，csrf_token相匹配的预期值。然而，current_donor仍然为零。

This would indicate to me that the csrf_token matches the expected value. Yet, current_donor remains nil.

我已经通过几个职位对这一读，而事实上，在一开始，csrf_meta_tag方法在我的布局是不是和CSRF令牌没有被设置。

I have read through several of the posts on this, and indeed, at the outset, the csrf_meta_tag method was not in my layout, and the csrf token was not being set.

不过，这已不再的情况下，CSRF令牌被设置，但我仍然没有得到current_donor价值。

However, that is no longer the case, the csrf token is being set, and yet I am still getting no current_donor value.

当我把AJAX的GET请求，current_donor被设置正确。

When I make ajax get requests, current_donor is being set properly.

任何意见，你有什么地方我应该会大大AP preciated。

Any advice you have on where else I should look would be greatly appreciated.

最好的， 汤姆

推荐答案

我以前有同样的问题。我通过包括csrf_token如下

I had the same problem before. I solved it by including csrf_token as below

$.ajax({
    type: "GET",
    url: url,
    data: params ,
    beforeSend: function(jqXHR, settings) {
        jqXHR.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'));
    },
    error: function(){
        alert("An error ocurred");
    },
    success: function(){

    }
});

这篇关于设计不是阿贾克斯岗位设置CURRENT_USER即使正确X-CSRF令牌包含在请求头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！