带有HTTPS + ELB的Rails InvalidAuthenticityToken [英] Rails InvalidAuthenticityToken with HTTPS + ELB
问题描述
我正在尝试使HTTPS可以在我的网站上正常工作,但是我正在为所有帖子请求获取 ActionController :: InvalidAuthenticityToken
.我记录了 form_authenticity_param
和 form_authenticity_token
,它们实际上是不同的.
I'm trying to get HTTPS to work for my site, but I'm getting ActionController::InvalidAuthenticityToken
for all post requests. I logged the form_authenticity_param
and form_authenticity_token
and they are in fact different.
SSL在Elastic Load Balancer上解析,并且非SSL请求发送到Web应用程序.预期的CSRF令牌存储在基于cookie的会话中,因此HTTP和HTTPS的会话似乎期望使用不同的令牌.在网站上使用HTTP时,发布/发布请求可以正常工作.
The SSL is resolved at the Elastic Load Balancer and a non-SSL request is sent to the web app. The expected CSRF token is stored in the cookie-based session, so the sessions for HTTP and HTTPS appear to expect different tokens. When using HTTP on the site, the post/put requests work fine.
我在这个问题上停留了一段时间.任何建议都会有帮助
I've been stuck on this problem for a bit. Any advice would be helpful
推荐答案
我也遇到了同样的问题,但这不是问题.
I have the same problem, but it's not rails.
我通过在nginx.config中添加 proxy_set_header X-Forwarded-Proto https;
来解决此问题
I fixed the problem by add proxy_set_header X-Forwarded-Proto https;
in my nginx.config
location @videos {
proxy_pass http://videos;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
}
这篇关于带有HTTPS + ELB的Rails InvalidAuthenticityToken的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!