Firefox 中的 rails csrf 验证 [英] rails csrf validation in firefox

问题描述

我有一个用 Rails 创建的站点，使用 Devise 进行身份验证.它在 Chrome 中运行良好，但在 Firefox 中我无法登录.我只能看到日志中的一条消息:警告:无法验证 CSRF 令牌的真实性并且登录屏幕返回时没有任何错误消息.

I have a site created with Rails using Devise for authentication. It works perfectly fine in Chrome, but in Firefox I cannot log in. All I can see is a message in log: WARNING: Can't verify CSRF token authenticity And the login screen comes back without any error messages.

有人可以提示我在哪里处理正在发生的事情吗?

Can someone give me a hint where to look after what is happening?

推荐答案

我遇到了完全相同的问题.登录在 Chrome 中工作，而不是在 FF 中工作.该问题与 CSRF 无关，因为我注释掉了 protect_from_forgery 并尝试登录，但不允许我登录.唯一的区别是警告信息消失了.

I had exactly the same problem. Login was working in Chrome and not in FF. The problem was not related to CSRF since I commented out protect_from_forgery and tried to signin but I wasn't allowed to. The only difference was that the warning message disappeared.

经过一些调试，我发现问题与会话和 :domain => : 会话存储的所有设置有关.

After some debugging I found out that the problem is related to session and :domain => :all setting for the session store.

MyApp::Application.config.session_store :cookie_store, key: '_myapp_session', :domain => :all

在我删除 之后:domain =>全部，我能够使用Firefox登录.希望这会帮助某人，即使答案迟到两个月.

After I removed :domain => all, I was able to login using Firefox. Hope that this will help someone even though the answer arrives two months late.

这篇关于Firefox 中的 rails csrf 验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！