无法在Rails中验证CSRF令牌的真实性 [英] Can't verify CSRF token authenticity in rails

问题描述

我正在使用PaypalAdaptive。它会正确发送ipn_notification。 ipnNotification操作方法如下-

I am using PaypalAdaptive. It sends ipn_notification properly. ipnNotification action method is as following -

def ipn_notification
    ipn = PaypalAdaptive::IpnNotification.new
    ipn.send_back(request.raw_post.to_json)

    print "=====================request.raw_post#{request.raw_post}=============="

    if ipn.verified?
        PaymentMailer.notify_unknown(request.raw_post).deliver
    else
        logger.info "IT DIDNT WORK"
    end
    render :nothing => true
end

但返回错误

WARNING: Can't verify CSRF token authenticity rails

针对此问题的任何帮助。

Any help for this problem.

推荐答案

在您的控制器中：

skip_before_filter :verify_authenticity_token, :only => [:ipn_notification]

对于快速阅读并分发-1的人（跳过重要的部分：不是来自客户端的POST调用...）：

For people reading to quickly and distribute -1 (skipping an important part: it's not a POST call from the client...):

• 是，它跳过了安全性但...读后...

• yes it skips a security BUT... Read after...

是的，这是外部网站POST请求的唯一方式

yes, it's the only way for external website POST requests

是的，这很安全：当您收到来自Paypal等的呼叫时，您显然检查了参数和键。

yes it's safe: you obviously check params and keys when receiving a call from Paypal or alike.

这篇关于无法在Rails中验证CSRF令牌的真实性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！