无法在Rails中验证CSRF令牌的真实性 [英] Can't verify CSRF token authenticity in rails
本文介绍了无法在Rails中验证CSRF令牌的真实性的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在使用PaypalAdaptive。它会正确发送ipn_notification。 ipnNotification操作方法如下-
I am using PaypalAdaptive. It sends ipn_notification properly. ipnNotification action method is as following -
def ipn_notification
ipn = PaypalAdaptive::IpnNotification.new
ipn.send_back(request.raw_post.to_json)
print "=====================request.raw_post#{request.raw_post}=============="
if ipn.verified?
PaymentMailer.notify_unknown(request.raw_post).deliver
else
logger.info "IT DIDNT WORK"
end
render :nothing => true
end
但返回错误
WARNING: Can't verify CSRF token authenticity rails
针对此问题的任何帮助。
Any help for this problem.
推荐答案
在您的控制器中:
skip_before_filter :verify_authenticity_token, :only => [:ipn_notification]
对于快速阅读并分发-1的人(跳过重要的部分:不是来自客户端的POST调用...):
For people reading to quickly and distribute -1 (skipping an important part: it's not a POST call from the client...):
-
是,它跳过了安全性但...读后...
yes it skips a security BUT... Read after...
是的,这是外部网站POST请求的唯一方式
yes, it's the only way for external website POST requests
是的,这很安全:当您收到来自Paypal等的呼叫时,您显然检查了参数和键。
yes it's safe: you obviously check params and keys when receiving a call from Paypal or alike.
这篇关于无法在Rails中验证CSRF令牌的真实性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文