Rails无法验证CSRF令牌的真实性
[英]Rails Can't verify CSRF token authenticity
问题描述
I've succesfully created new record by using post method api like this (Using Curl::PostField ) 
我已经通过使用像这样的post方法api成功地创建了新记录(使用Curl::PostField )
curl_post_fields = [
Curl::PostField.content('first_name', first_name),
Curl::PostField.content('last_name', last_name),]
contact = Curl::Easy.http_post("#{ENV['API_V1_URL']}/contacts", *curl_post_fields)
contact.ssl_verify_peer = false
contact.http_auth_types = :basic
contact.username = ENV['API_V1_USERNAME']
contact.password = ENV['API_V1_PASSWORD']
contact.perform
response = JSON.parse(contact.body_str)
but when i was updating record via patch like this one (using json request parameter): 但是当我通过像这样的补丁更新记录时(使用json请求参数):
contact = Curl.patch("#{ENV['API_V1_URL']}/contacts/#{qontak_id}",{:email => email, :gender_id => 8})
contact.ssl_verify_peer = false
contact.http_auth_types = :basic
contact.username = ENV['API_V1_USERNAME']
contact.password = ENV['API_V1_PASSWORD']
contact.perform
response = JSON.parse(contact.body_str)
i got some errors from server 我从服务器收到一些错误
Can't verify CSRF token authenticity
Filter chain halted as :authenticate rendered or redirected
also i have turn off csrf protect_from_forgery with: :null_session 我也用以下命令关闭了csrfprotect_from_forgery protect_from_forgery with: :null_session
it is possible that using Curl::PostField is automatically including csrf token or are there any similar way like Curl::Postfield in patch or put method ? 是否有可能使用Curl::PostField自动包含csrf token或者是否有任何类似的方法,例如patch or put method Curl::Postfield ?
1 个解决方案
解决方案1
-1 2017-02-24 12:55:56
You might try explicitly skipping the token filter. 您可以尝试显式跳过令牌过滤器。
Within your API controller: 在您的API控制器中:
skip_before_filter :verify_authenticity_token, only: [:put] respond_to :json
Make sure to restart your server as well. 确保也重新启动服务器。 Hope this helps! 希望这可以帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.