Firefox 中的 rails csrf 验证 [英] rails csrf validation in firefox
问题描述
我有一个用 Rails 创建的站点,使用 Devise 进行身份验证.它在 Chrome 中运行良好,但在 Firefox 中我无法登录.我只能看到日志中的一条消息:警告:无法验证 CSRF 令牌的真实性
并且登录屏幕返回时没有任何错误消息.
I have a site created with Rails using Devise for authentication. It works perfectly fine in Chrome, but in Firefox I cannot log in. All I can see is a message in log:
WARNING: Can't verify CSRF token authenticity
And the login screen comes back without any error messages.
有人可以提示我在哪里处理正在发生的事情吗?
Can someone give me a hint where to look after what is happening?
推荐答案
我遇到了完全相同的问题.登录在 Chrome 中工作,而不是在 FF 中工作.该问题与 CSRF 无关,因为我注释掉了 protect_from_forgery
并尝试登录,但不允许我登录.唯一的区别是警告信息消失了.
I had exactly the same problem. Login was working in Chrome and not in FF.
The problem was not related to CSRF since I commented out protect_from_forgery
and tried to signin but I wasn't allowed to. The only difference was that the warning message disappeared.
经过一些调试,我发现问题与会话和 :domain => : 会话存储的所有设置有关.
After some debugging I found out that the problem is related to session and :domain => :all setting for the session store.
MyApp::Application.config.session_store :cookie_store, key: '_myapp_session', :domain => :all
在我删除 之后:domain =>全部
,我能够使用Firefox登录.希望这会帮助某人,即使答案迟到两个月.
After I removed :domain => all
, I was able to login using Firefox. Hope that this will help someone even though the answer arrives two months late.
这篇关于Firefox 中的 rails csrf 验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!