Rails默认的CSRF元标记未通过验证 [英] Rails default CSRF Meta Tags not validating

问题描述

我刚刚验证了一个新站点，这个新站点是我使用Rails 3编写的，具有W3C标记验证功能，但是我遇到了Rails生成的CSRF标签的错误。

I've just validated a new site a new site that i've written using Rails 3 with the W3C markup validation and i'm getting errors about the CSRF tags that rails generates.

元素元上属性名称的错误值csrf-param：关键字csrf-param未注册。

<meta name="csrf-param" content="authenticity_token"/>

AND

糟糕元素meta上的属性名称的值csrf-token：关键字csrf-token未注册。

<meta name="csrf-token" content="{token}"/>

我将DOCTYPE设置为

I have my DOCTYPE set to

<!DOCTYPE html>

据我所知，我不必添加任何其他内容。任何人都可以阐明这一点吗？

As far as i was aware i shouldn't have to add anything else. Can anyone shed any light on this please?

我正在使用HAML，想知道这是否可能是一个促成因素，所以我设置了测试页面，它具有单个控制器/动作/视图，并且仅使用Rails的默认erb模板。问题仍然存在。

I'm using HAML and wondered whether that could be a contributing factor so i set up a test page which has a single controller/action/view and only uses the Rails default erb templates. The problem still occurs.

http://validator.w3.org/check?uri= http％3A％2F％2Fcsrftestsite.heroku.com％2Fhome& charset =％28detect + automatically％29& doctype = Inline& group = 0& user-agent = W3C_Validator％2F1.2

推荐答案

您不必为此担心。 HTML5元标记使用起来非常开放。验证的全部依据是，按照W3C规范，从技术上讲，这些并不是合法 HTML5元数据名称，但不会影响功能。以下是meta标签的建议扩展列表：

You shouldn't really worry about this. The HTML5 meta tag is pretty open with its use. All this validation is saying is that those technically aren't "legal" HTML5 metadata names according to the W3C spec, but it will not affect functionality. Here's a list of the proposed extensions for the meta tag:

http://wiki.whatwg.org/wiki/MetaExtensions

csrf-token和csrf-param已在建议列表中状态。如果将这些内容添加到W3C规范中，您就不会再看到此验证错误。

csrf-token and csrf-param are already on the list in "Proposal" status. If these get added to the W3C spec you shouldn't see this validation error anymore.

这篇关于Rails默认的CSRF元标记未通过验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！