使用ionic作为前端+ Devise-rails作为后端时的CSRF身份验证问题?
[英]CSRF authentication issue when using ionic as front-end + Devise-rails as backend?
问题描述
Is there any successful implementation that use Ionic mobile app to access remote Devise + rails Api server? 
是否有使用Ionic移动应用程序访问远程Devise + rails Api服务器的成功实施? Currently, the backend rails server works well, and I have added "rack-cors" to set white list for the remote access. 当前,后端Rails服务器运行良好,并且我添加了“ rack-cors”来为远程访问设置白名单。 On the front side, I use angular-devise to communicate with rails Api. 在正面,我使用angular-devise与Rails Api进行通信。 But it shows the error below. 但它显示以下错误。
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 11ms
Most implementations use manually read token from csrf tag from rails or use 'angular_rails_csrf' gem. 大多数实现都使用从rails的csrf标记中手动读取令牌或使用“ angular_rails_csrf” gem。 But all these above implementations rely on rails. 但是以上所有这些实现都依赖于rails。 Is there any possible client-side implementation that only use angular, ie ionic app? 是否有可能仅使用角度应用程序(即离子应用程序)的客户端实现?
1 个解决方案
解决方案1
0 2015-03-18 13:12:53
Have you changed :exception to :null_session ? 你有没有改变:exception给:null_session ?
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :null_session
And also this information may be relevant to you. 并且此信息可能与您有关。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.