获取“无法验证 CSRF 令牌真实性"Chrome 上的错误.在 Safari 上运行良好 [英] Getting "Can't verify CSRF token authenticity" error on Chrome. Works fine on Safari
问题描述
我在使用 Chrome 浏览器的任何 POST 请求(用于登录或通过表单发布数据)时收到错误消息.您可以在 http://52.xx.xx.xxx/users/login.只需使用任何用户名/密码 - 应该给你:
I get the error on any POST requests (for logging in, or posting data through forms) using Chrome browser. You can try it out at http://52.xx.xx.xxx/users/login. Just use any username / password - should give you:
您想要的更改被拒绝.
这是日志中的错误片段:
Here is a snippet of the error from the logs:
W, [2017-07-10T08:40:16.486974 #11349] WARN -- : Can't verify CSRF token authenticity
I, [2017-07-10T08:40:16.487259 #11349] INFO -- : Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)
D, [2017-07-10T08:40:16.487526 #11349] DEBUG -- : User excluded error: #<ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken>
在 Safari 上通过完全相同的登录请求或其他发布请求.该站点具有自签名证书.因此,我已将 Chrome 设置更改为信任证书并接受 cookie.
The exact same login request, or other post requests go through on Safari. The site has a self signed certificate. So, I've changed Chrome settings to trust the certificate and accept cookies.
请建议我还应该寻找什么以及哪些其他日志可能有助于调试问题.在过去的 2 天里,我查看了很多 SO 线程,但找不到任何可以解决我的问题的内容.
Please suggest what else i should look for and what other logs might be helpful in debugging the issue. I've looked at quite a few SO threads over the past 2 days and couldn't find anything that solved my issue.
删除了 IP 地址,以防止网站出现不必要的流量.
Removed the IP address to prevent unnecessary traffic to the site.
推荐答案
所以我通过在 URL 的开头使用 https 而不是 http 来解决这个问题.正如预期的那样,chrome 会抛出与安全相关的警告,但添加异常允许发布请求通过而不会出错.
So i got around the problem by using https instead of http at the start of the URL. As expected, chrome throws up the security related warnings, but adding an exception allows post requests to go through without errors.
Safari 以某种方式能够将我的请求(使用 http 或根本没有)重定向到 https,因此它可以正常工作.在 safari 上尝试使用 http 并最终遇到同样的问题.
Safari was somehow able to redirect my requests(with http or nothing at all) to https because of which it was working. Tried with http on safari and ended up with the same issue.
将此标记为已解决 - 因为原始观察不再成立.我需要弄清楚如何使 http 和非 http 请求重定向到我的 nginx 后端上的 https,这应该可以解决问题.
Marking this as solved - since the original observation doesn't hold anymore. I need to figure how to make the http and non http requests redirect to https on my nginx backend and that should fix the issue.
这篇关于获取“无法验证 CSRF 令牌真实性"Chrome 上的错误.在 Safari 上运行良好的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
