rails csrf验证在firefox [英] rails csrf validation in firefox

问题描述

我有一个使用Devise进行身份验证的Rails创建的网站。它在Chrome中工作得很好，但在Firefox中我无法登录。我可以看到的是日志中的消息：
警告：无法验证CSRF令牌的真实性
登录屏幕返回没有任何错误消息。

有人可以给我一个提示，以照顾发生了什么吗？

解决方案

我有完全相同的问题。登录在Chrome中工作，而不是在FF中。
问题与CSRF无关，因为我评论过 protect_from_forgery 并试图登录，但我不被允许。唯一的区别是警告消息消失了。

经过一些调试，我发现问题与会话和：domain =>相关：会话存储的所有设置。

  MyApp :: Application.config.session_store：cookie_store，key：'_myapp_session'，：domain => ：全部
  

我删除了：domain =>所有，我能够使用Firefox登录。希望这可以帮助某人，尽管答案是迟到两个月。

I have a site created with Rails using Devise for authentication. It works perfectly fine in Chrome, but in Firefox I cannot log in. All I can see is a message in log: WARNING: Can't verify CSRF token authenticity And the login screen comes back without any error messages.

Can someone give me a hint where to look after what is happening?

解决方案

I had exactly the same problem. Login was working in Chrome and not in FF. The problem was not related to CSRF since I commented out protect_from_forgery and tried to signin but I wasn't allowed to. The only difference was that the warning message disappeared.

After some debugging I found out that the problem is related to session and :domain => :all setting for the session store.

MyApp::Application.config.session_store :cookie_store, key: '_myapp_session', :domain => :all

After I removed :domain => all, I was able to login using Firefox. Hope that this will help someone even though the answer arrives two months late.

这篇关于rails csrf验证在firefox的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！