每次用Rails 4中的设计签出GET而不是POSTing [英] Signing out with devise GETing instead of POSTing in Rails 4 every time
问题描述
config.sign_out_via =:delete
更改为 config.sign_out_via =:get
- 这显然是不好的做法。 我的问题是,无论我尝试什么,客户端发送获取
请求,而不是规定的删除
或 post
。 / p>
在我看来
<%= link_to登出,destroy_user_session_path, method => :删除%>
rake路线给
Anchor $ rake路由
前缀动词URI模式控制器#动作
root GET / home#index
new_user_session GET /login(.:format)devise / sessions#new
user_session POST /login(.:format)devise / sessions#create
destroy_user_session DELETE /logout(.:format)devise / sessions#destroy
user_password POST / password(。 :format)devise / password#create
new_user_password GET /password/new(.:format)devise / passwords#new
edit_user_password GET /password/edit(.:format)devise / passwords#edit
PATCH /password(.:for更改
PUT /password(.:format)devise / password#update
cancel_user_registration GET /cancel(.:format)设计/注册#取消
user_registration POST / devise /注册#创建
new_user_registration GET /sign_up(.:format)设计/注册#new
edit_user_registration GET /edit(.:format)设计/注册#编辑
PATCH / devise / registrations#更新
PUT / devise / registrations#update
DELETE / devise / registrations#destroy
user_activities GET / users /:user_id / activities(。 :format)activities#index
POST /users/:user_id/activities(.:format)activities#create
new_user_activity GET /users/:user_id/activities/new(.:format)activities#new
edit_user_activity GET /users/:user_id/activities/:id/edit(.:format)activities#edit
user_activity GET /users/:user_id/activities/:id(.:format)activities#show
PATCH /users/:user_id/activities/:id(.:format)activities#update
PUT /users/:user_id/activities/:id(.:format)activities#update
DELETE /users/:user_id/activities/:id(.:format)activities#destroy
users GET /users(.:format)users#index
POST /users(.:format)users#create
new_user GET /users/new(.:format) user#new
edit_user GET /users/:id/edit(.:format)users#edit
user GET /users/:id(.:format)users#show
PATCH / users /:id(.:format)users#update
PUT /users/:id(.:format)users#update
DELETE /users/:id(.:format)users#destroy
routes.rb
root:to => home#index
devise_for:users
resources:users do
resources:activities
end
js清单
// = require jquery
// = require jquery_ujs
// = require bootstrap
// = require turbolinks
// = require_tree。
application.html.erb
包含适当的<%= javascript_include_tag应用程序%>
用于包括ujs和渲染的头文件包括:
code>< script src =/ assets / jquery.js?body = 1>
< script src =/ assets / jquery_ujs.js?body = 1>
我有一种感觉,它可能与Turbolinks有关,所以我尝试了多种变化的 data-no-turbolink
,但没有雪茄。无论什么,客户端始终发送启动GET/ users / sign_out
,其继续路由到UsersController#show。
任何见解都会有帮助!
与我同样的问题:(
现在在Rails 4中我至少可以做的是路由
get'/ users / sign_out'=>'devise / sessions#destroy'
*但是这种方法容易受到CSRF攻击的困扰。
So this seems to be a pretty common problem. I've combed through the issue tracker on github as well as Stackoverflow but still have not found a solution -besides changing config.sign_out_via = :delete
to config.sign_out_via = :get
- which apparently is pretty bad practice.
My issue is that no matter what I try, the client sends a get
request instead of the prescribed delete
or post
.
In my view
<%= link_to "sign out", destroy_user_session_path, :method => :delete %>
rake routes gives
Anchor$ rake routes
Prefix Verb URI Pattern Controller#Action
root GET / home#index
new_user_session GET /login(.:format) devise/sessions#new
user_session POST /login(.:format) devise/sessions#create
destroy_user_session DELETE /logout(.:format) devise/sessions#destroy
user_password POST /password(.:format) devise/passwords#create
new_user_password GET /password/new(.:format) devise/passwords#new
edit_user_password GET /password/edit(.:format) devise/passwords#edit
PATCH /password(.:format) devise/passwords#update
PUT /password(.:format) devise/passwords#update
cancel_user_registration GET /cancel(.:format) devise/registrations#cancel
user_registration POST / devise/registrations#create
new_user_registration GET /sign_up(.:format) devise/registrations#new
edit_user_registration GET /edit(.:format) devise/registrations#edit
PATCH / devise/registrations#update
PUT / devise/registrations#update
DELETE / devise/registrations#destroy
user_activities GET /users/:user_id/activities(.:format) activities#index
POST /users/:user_id/activities(.:format) activities#create
new_user_activity GET /users/:user_id/activities/new(.:format) activities#new
edit_user_activity GET /users/:user_id/activities/:id/edit(.:format) activities#edit
user_activity GET /users/:user_id/activities/:id(.:format) activities#show
PATCH /users/:user_id/activities/:id(.:format) activities#update
PUT /users/:user_id/activities/:id(.:format) activities#update
DELETE /users/:user_id/activities/:id(.:format) activities#destroy
users GET /users(.:format) users#index
POST /users(.:format) users#create
new_user GET /users/new(.:format) users#new
edit_user GET /users/:id/edit(.:format) users#edit
user GET /users/:id(.:format) users#show
PATCH /users/:id(.:format) users#update
PUT /users/:id(.:format) users#update
DELETE /users/:id(.:format) users#destroy
routes.rb
root :to => "home#index"
devise_for :users
resources :users do
resources :activities
end
js manifest
//= require jquery
//= require jquery_ujs
//= require bootstrap
//= require turbolinks
//= require_tree .
application.html.erb
contains the appropriate <%= javascript_include_tag "application" %>
for including ujs and the rendered header includes:
<script src="/assets/jquery.js?body=1">
<script src="/assets/jquery_ujs.js?body=1">
I had a feeling that it might have something to do with Turbolinks so I tried multiple variations of data-no-turbolink
, but no cigar. No matter what, the client always sends Started GET "/users/sign_out"
which keeps routing to UsersController#show.
Any insight would be helpful!
Same problem with me :( For now in Rails 4, all I can do at least now is to route
get '/users/sign_out' => 'devise/sessions#destroy'
*but this approach is vulnerable to CSRF-attack
这篇关于每次用Rails 4中的设计签出GET而不是POSTing的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!