Devise being logged out on post to different route


Problem description

I'm having a really strange problem with Devise. I have a route set up that accepts both get and post requests. On a get, it shows the form, on the post, it submits it.

When I send a post XHR to the route, when it gets there it tells me that I am not logged in, and sends me a 401 unauthorized. After that I have to log in, and then I can try again.

I have been trying to figure this out for hours, all I have been able to figure out is that my controller method is not getting called. I put in my own custom auth before filter, and it just confirmed that by the time my rails app gets called, the user is no longer logged in.

Also, if I open up the form, but don't submit it, I can continue on as normal. Somewhere in that XHR it is making devise log me out.

If you have any ideas please help, I have no idea what is going on right now...

Thanks

-Scott

EDIT: Adding relevant pieces of code

routes.rb

match 'projects/:p/filebox' => 'projects#show', :via => ["get","post"], :as => 'project_filebox'

projects_controller.rb

before_filter :authenticate_user! # <--- By the time this gets called, the user is logged out
def show
  # ^^^^ Doesn't get called. Logger shows that it recognized route though
  logger.debug "-----------projects#show"
  logger.debug "Current user logged in:"+user_signed_in?.to_s
end

form that is being submitted

<form class="upload" action="<%= project_filebox_path(@project) %>?n=7&cType=<%= cType %>&fid=<%= fid %>" method="post" enctype="multipart/form-data">
    <input type="file" name="file" multiple/>
    <button>Upload</button>
    <div>Add / Drag Files To Upload</div>
</form>

Javascript that is uploading the XHR

formDataUpload = function (files, xhr, settings) {
            var formData = new FormData(),
                i;
            $.each(getFormData(settings), function (index, field) {
                formData.append(field.name, field.value);
            });
            for (i = 0; i < files.length; i += 1) {
                formData.append(settings.fieldName, files[i]);
            }
            xhr.send(formData);
        }

If I missed some relevant piece of code let me know

Solution

There's not that much to go on here other than the JS, but there's a really strong chance you're having the problem because the CSRF token isn't being set as part of your request. This has changed in various Rails 3.0.x releases so hard to know for sure without code.

One dead simple test would be to turn off CSRF (e.g. remove protect_from_forgery from ApplicationController). If it works, you have the answer and need to make sure the token gets passed around or you otherwise handle forgery protection.
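
An added example (not part of the original answer, and not Rails or Devise code): one way to make sure the token gets passed with an XHR upload like the one in the question, assuming the layout renders Rails' `csrf_meta_tags`. The function names are hypothetical; `attachCsrf` is meant to be called after `xhr.open()` and before `xhr.send(formData)`.

```javascript
// Added example. Assumes the page contains the two meta tags that Rails'
// csrf_meta_tags helper emits: <meta name="csrf-param"> and
// <meta name="csrf-token">. All function names are hypothetical.

// Read the token and the name of its form field from the meta tags.
function readCsrf(doc) {
  var tokenTag = doc.querySelector('meta[name="csrf-token"]');
  var paramTag = doc.querySelector('meta[name="csrf-param"]');
  if (!tokenTag || !tokenTag.getAttribute('content')) {
    return null; // layout did not render the tags
  }
  return {
    token: tokenTag.getAttribute('content'),
    param: paramTag ? paramTag.getAttribute('content') : 'authenticity_token'
  };
}

// True only when targetUrl resolves to the page's own origin, so the
// token is never sent to another site.
function isSameOrigin(targetUrl, pageUrl) {
  return new URL(targetUrl, pageUrl).origin === new URL(pageUrl).origin;
}

// targetUrl is the URL given to xhr.open(); pageUrl is window.location.href.
// Returns true when the token was attached, false when it was withheld.
function attachCsrf(xhr, formData, doc, targetUrl, pageUrl) {
  var csrf = readCsrf(doc);
  if (!csrf || !isSameOrigin(targetUrl, pageUrl)) {
    return false;
  }
  // Rails accepts the token in the X-CSRF-Token header or as the request
  // parameter named by csrf-param; either one is enough, this sends both.
  xhr.setRequestHeader('X-CSRF-Token', csrf.token);
  formData.append(csrf.param, csrf.token);
  return true;
}
```

In the question's `formDataUpload`, the call would sit immediately before `xhr.send(formData)`, passing `document` and `window.location.href` for the last arguments.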
