Rails 3.1-CSRF被忽略了吗? [英] Rails 3.1 - CSRF ignored?

问题描述

这是我的问题，

我有一个Rails 3.1应用程序，我正在尝试发出ajax请求，但收到警告消息警告:无法验证CSRF令牌的真实性"…

I've got a rails 3.1 app and I'm trying to make an ajax request but I get the warning message "WARNING: Can't verify CSRF token authenticity"…

在我的布局中，我有帮助方法"csrf_method_tag" ，并且添加了以下javascript代码(不知道它是否确实需要):

Inside my layout I've got the helper method "csrf_method_tag", and I add the following javascript code (don't know if it's really required or not):

$.ajaxSetup({
  beforeSend: function(xhr) {
    xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'));
  }
});

我的Gemfile包含宝石 jquery-rails (> = 1.0.12)，我需要jquery& jquery-ujs位于我的application.js顶部.

My Gemfile contains the gem jquery-rails (>= 1.0.12) and I require jquery & jquery-ujs at the top of my application.js.

即使如此，该消息仍然会出现.我忘了什么吗?

Even with that, the message still appears. Did i forget something?

感谢您的帮助.

推荐答案

对我有用的-当不使用表单时-将<%= form_authenticity_token %>的结果包括在ajax数据有效载荷中.因此，我做的事情类似于tehprofessor在html中建议的内容:

What's worked for me - when working without forms - is to include the result of <%= form_authenticity_token %> in the ajax data payload. So I do something like what was suggested by tehprofessor in the html:

<input id="tokentag" type="hidden" name="authenticity_token" value="<%= form_authenticity_token %>" />

然后使用javascript:

then in the javascript:

tokentag = $('#tokentag').val()
submitdata = { "authenticity_token": tokentag, ...+whatever else you need to include+...}

然后用submitdata调用$.ajax.

这篇关于Rails 3.1-CSRF被忽略了吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！