使用SSL在Nginx后面的Rails 5中的InvalidAuthenticityToken
[英]InvalidAuthenticityToken in Rails 5 behind Nginx using SSL
问题描述
I've got a really weird issue with Rails 5 (beta1) and it's preventing me from safely submitting any forms. 
我对Rails 5(beta1)有一个非常奇怪的问题,它阻止我安全地提交任何表单。
When running in production mode behind an Nginx (1.4.6 on Ubuntu 12.04) reverse proxy which decrypts SSL, Rails is rejecting my CSRF tokens saying they are invalid despite the fact that the correct token is being submit by the form. 当在生产模式下运行Nginx(在Ubuntu 12.04上为1.4.6)反向代理后面解密SSL时,Rails拒绝我的CSRF令牌,说它们无效,尽管表格正在提交正确的令牌。
Everything works fine when I turn SSL off in Nginx. 当我在Nginx中关闭SSL时,一切正常。
Any help would be appreciated. 任何帮助,将不胜感激。
1 个解决方案
解决方案1
16 已采纳 2016-01-08 10:30:57
Fix by adding more headers in Nginx ( X-Forwarded-Ssl on , X-Forwarded-Port 443 and X-Forwarded-Host "your hostname" , X-Forwarded-Proto https ). 修复了在Nginx中添加更多标头( X-Forwarded-Ssl on , X-Forwarded-Port 443和X-Forwarded-Host "your hostname" , X-Forwarded-Proto https )。 The problem was actually in the new way CSRF tokens are checked by ActionController (compares the request.base_url with the origin header) 问题实际上是以新的方式由ActionController检查CSRF令牌(将request.base_url与origin头进行比较)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.