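I wrote a simple application (still at an early stage, though).
When submitting a form to the database,
I got the error ActionController::InvalidAuthenticityToken.
I Googled it.
It turns out this is caused by Rails' check that defends against cross-site attacks (and notably, Firefox has the problem while IE works fine...).
http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html#M000693
I found the official documentation above.
One solution is
to turn it off entirely
by adding this to environment.rb:
config.action_controller.allow_forgery_protection = false
The other is to exclude actions in the controller.
Below is the example given in the official documentation: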
class FooController < ApplicationController
  # uses the cookie session store (then you don't need a separate :secret)
  protect_from_forgery :except => :index

  # uses one of the other session stores that uses a session_id value.
  protect_from_forgery :secret => 'my-little-pony', :except => :index

  # you can disable csrf protection on controller-by-controller basis:
  skip_before_filter :verify_authenticity_token
end
In my case it was the create action that raised the error.
Simply adding protect_from_forgery :except => :create took care of it.
Now it works normally.
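
As an added illustration (not code from this post or from Rails itself), here is a simplified Ruby model of a session-bound authenticity token check, showing what exempting `create` changes. `TokenGuard`, `scenario` and the sample requests are hypothetical and constructed for the example.

```ruby
require "securerandom"

# Simplified model of a session-bound authenticity token check.
# Hypothetical names; this is not Rails' own implementation.
class TokenGuard
  def initialize(except: [])
    @except = except.map(&:to_sym) # actions exempted from verification
  end

  # Token the application embeds in its own forms as a hidden field.
  def token_for(session)
    session[:csrf_token] ||= SecureRandom.base64(32)
  end

  # True when the request may reach the action.
  def allowed?(action, http_method, session, params)
    return true if http_method == "GET"            # reads are not verified
    return true if @except.include?(action.to_sym) # exempted action: no check at all
    expected = session[:csrf_token]
    given = params["authenticity_token"]
    return false if expected.nil? || given.nil?
    secure_equal?(given, expected)
  end

  private

  # Comparison whose running time does not depend on where the strings differ.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed requests: three POSTs to `create` within one session.
def scenario(guard)
  session = {}
  token = guard.token_for(session)
  {
    own_form:   guard.allowed?(:create, "POST", session, { "authenticity_token" => token }),
    stale_form: guard.allowed?(:create, "POST", session, { "authenticity_token" => "old-token" }),
    no_token:   guard.allowed?(:create, "POST", session, {})
  }
end

PROTECTED = scenario(TokenGuard.new)
EXEMPTED  = scenario(TokenGuard.new(except: [:create]))
puts "verified: #{PROTECTED}", "exempted: #{EXEMPTED}"
```

The `stale_form` and `no_token` cases are the ones Rails rejects with ActionController::InvalidAuthenticityToken; once `create` is exempted they are accepted, including a POST that never came from the application's own form.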
This entry was posted on Sunday, December 7, 2008 and is filed under ruby and rails.