ActionController::InvalidAuthenticityToken 禁用 JS/Ajax 请求时 [英] ActionController::InvalidAuthenticityToken when disable JS/Ajax request

问题描述

我有两种带有选项 remote: true 的表单；一个向 create 动作发送 Ajax 请求，另一个向 destroy 动作发送 Ajax 请求.

I have two forms with option remote: true; one sends an Ajax request to create action and the other one sends an Ajax request to destroy action.

启用 JavaScript 时一切正常，但如果我禁用 JavaScript，然后单击，我会收到此错误:

All work fines when JavaScript is enabled, but if I disable JavaScript, then I click, I get this error:

ActionController::InvalidAuthenticityToken PersonsController#create

为什么会显示此错误，我该如何解决?

Why this error is shown, and how can I fix it ?

注意:我使用的是 Rails 4

note: I'm using Rails 4

当我使用没有选项 remote: true 的普通表单时，rails 会自动为身份验证令牌插入一个隐藏字段，但是当我在表单中使用 remote: true 时HTML 代码中没有这样的字段.似乎当有 remote 选项时，Rails 会以不同的方式处理身份验证令牌，那么我如何才能让它在两种情况下都能正常工作?

When I use a normal form without option remote: true, rails automatically inserts a hidden field for an authentication token, but when I use remote: true in my form there is no such field in the HTML code. It seems like when there is remote option, then Rails handles the authentication token differently, so how I can get this to work in both cases?

推荐答案

奇怪的是，这种行为在 rails 4 中发生了变化.http://www.alfajango.com/blog/rails-4-whats-new/

Bizarrely, this behaviour was changed in rails 4. http://www.alfajango.com/blog/rails-4-whats-new/

Rails 表单现在不会在表单中呈现 CSRF 字段，除非您明确将其定义为表单的选项:

Rails forms now will not render the CSRF field in the form unless you explicitly define it as an option to your form:

<%= form_for @some_model, :remote => true, :authenticity_token => true do |f| %>
<% end %>

添加此选项可让您在 Javascript 关闭时优雅地降级为 HTML 回退.

Adding this option allows you to gracefully degrade to a HTML fallback if Javascript is switched off.

这篇关于ActionController::InvalidAuthenticityToken 禁用 JS/Ajax 请求时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！