InvalidAuthenticityToken in Rails Shopify app
I have a Shopify app using the shopify_app gem. I am attempting to post a form to an admin page but keep receiving an InvalidAuthenticityToken.
I am using Rails 5.1.6 and have set config.action_controller.per_form_csrf_tokens = false to help identify the issue.
I have confirmed that meta csrf-token, the authenticity_token form field and the authenticity_token being posted to the server are all of the same value.
<meta name="csrf-token" content="FW84k6S5WXpepe+1gADRh+Ly1kBVWrkJohP5QYz54a35KqKZghuciwU0lIlLNRVoHjOM8peOoCqf+HXDDIlMZQ==">
<input type="hidden" name="authenticity_token" value="FW84k6S5WXpepe+1gADRh+Ly1kBVWrkJohP5QYz54a35KqKZghuciwU0lIlLNRVoHjOM8peOoCqf+HXDDIlMZQ==">
Parameters: {"utf8"=>"✓", "authenticity_token"=>"FW84k6S5WXpepe+1gADRh+Ly1kBVWrkJohP5QYz54a35KqKZghuciwU0lIlLNRVoHjOM8peOoCqf+HXDDIlMZQ==", "access_key"=>{"name"=>"A Test", "account"=>""}, "commit"=>"Save", "id"=>"2"}
The controller inherits ShopifyApp::AuthenticatedController and I have removed all before_actions.
Is there a way I can log what the expected authenticity_token value should be?
If anyone could offer some guidance it would be highly appreciated.
Thank you.
I just ran into a similar problem with my instance. Check to ensure that your request.base_url is the one that's expected.
In my case, I had to force SSL (in config/environments/{development,production,test}.rb) and pass X-Forwarded-Proto from my proxy to the Rails instance, as there was a conflict between http/https in request.base_url, and it was throwing a CSRF error as a result.
Forcing SSL in environments config:
config.force_ssl = true
nginx proxy_set_header in server block:
proxy_set_header X-Forwarded-Proto $scheme;
-- Dave.
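
An added example, not part of the original posts and not Rails or Rack source: a simplified Ruby model of the Origin versus request.base_url comparison that Rails forgery protection performs when forgery_protection_origin_check is enabled. It shows why a TLS-terminating proxy that omits X-Forwarded-Proto produces the mismatch the answer describes. The helper names, env hashes and host name are constructed for illustration.

```ruby
require "uri"

# Simplified model of how the app derives request.base_url from a Rack-style env.
# Assumption: only HTTPS, X-Forwarded-Proto and rack.url_scheme are consulted,
# and the Host header is used as-is.
def base_url_seen_by_app(env)
  scheme =
    if env["HTTPS"] == "on"
      "https"
    elsif env["HTTP_X_FORWARDED_PROTO"]
      env["HTTP_X_FORWARDED_PROTO"].split(",").first.strip
    else
      env.fetch("rack.url_scheme", "http")
    end
  "#{scheme}://#{env.fetch('HTTP_HOST')}"
end

# Compare the browser's Origin header with the base URL the app computed and
# report which part disagrees, so the result can be written to a log.
def diagnose_origin(env)
  base = base_url_seen_by_app(env)
  origin = env["HTTP_ORIGIN"]
  return { ok: true, base_url: base, reason: "no Origin header" } if origin.nil?
  return { ok: false, base_url: base, reason: "Origin is null" } if origin == "null"
  return { ok: true, base_url: base, reason: "Origin matches base_url" } if origin == base

  part = URI(origin).scheme == URI(base).scheme ? "host" : "scheme"
  { ok: false, base_url: base, reason: "#{part} mismatch: Origin #{origin}, base_url #{base}" }
end

# Constructed sample requests: the browser talks HTTPS to the proxy, the proxy
# talks plain HTTP to the app.
BROWSER = { "HTTP_HOST" => "app.example.test", "HTTP_ORIGIN" => "https://app.example.test",
            "rack.url_scheme" => "http" }.freeze
WITHOUT_PROTO = BROWSER
WITH_PROTO = BROWSER.merge("HTTP_X_FORWARDED_PROTO" => "https").freeze

if __FILE__ == $PROGRAM_NAME
  [WITHOUT_PROTO, WITH_PROTO].each { |env| puts diagnose_origin(env) }
end
```

In a real controller the two values to log are request.origin and request.base_url.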