
Rails app on AWS Elastic Beanstalk returning 422 with “Can't verify csrf token”

I have a Rails 5.1.4 app using Puma & nginx that's been running in production on Elastic Beanstalk (AWS) for a while. I recently opened a new QA environment in the same place and keep getting 422 errors for POST requests on the HTML calls (API calls work fine) with the message "Can't verify csrf token". Every configuration value is the same or equivalent.

I added the necessary tags and checked the authenticity token values. Under the <head> tag I have:

<meta name="csrf-param" content="authenticity_token">
<meta name="csrf-token" content="acYjbDMNDXsw+mHN7pM/4XldHungS9kDlkkTT1moNQaf1y7wRhLJhOVb7GTMDieLU4kGc7yWlOch4DlG/z/A8g==">

On my login form I have the following:

<input type="hidden" name="authenticity_token" value="acYjbDMNDXsw+mHN7pM/4XldHungS9kDlkkTT1moNQaf1y7wRhLJhOVb7GTMDieLU4kGc7yWlOch4DlG/z/A8g==">

And in the logs I receive the parameters:

Parameters: {"utf8"=>"✓", "authenticity_token"=>"acYjbDMNDXsw+mHN7pM/4XldHungS9kDlkkTT1moNQaf1y7wRhLJhOVb7GTMDieLU4kGc7yWlOch4DlG/z/A8g==", "user"=>{"email"=>"someemail@mail.com", "password"=>"[FILTERED]", "remember_me"=>"1"}}

I also have the rack-cors gem and the following config:

    config.middleware.insert_before 0, Rack::Cors do
      allow do
        origins '*'
        resource '*', headers: :any, methods: [:get, :post, :options]
      end
    end

I've been trying to solve this issue for a couple of days now and I'm quite lost on how to go on. Any ideas on what may be causing this? Any other information that might be useful to figure out the problem?

My first guess would be that there is some HTML caching involved, as the tokens differ. I've seen similar behaviour when running Varnish against a Rails backend. Do you have something like Rack::Cache or Nginx's proxy cache?

So, in case it helps someone in the future, I managed to fix the issue, although not completely. In my nginx config I have this line:

server_name *.myappdomain.com;

myappdomain was my production domain. I was trying to log in using my Elastic Beanstalk URL, which was something like http://myapp-stage.region.elasticbeanstalk.com . I added an entry to my DNS on Route 53 to alias stage.myappdomain.com to the Elastic Beanstalk URL and it worked. I suspect playing a bit more with the nginx config would solve this in a nicer way as well.

Another reason this can happen: if nginx connects to the Rails server using plain http, by default nginx won't allow Rails access to cookies if they're marked secure (which they should be). There are various ways to configure NGINX to pass them through; a good summary can be found on the Unix & Linux Stack Exchange.

(Note that this likely isn't the only scenario in which this can happen, so check the configuration on each layer of the stack if possible.)
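The common thread in the question and both answers is that the form token matching the `<meta>` token proves nothing: Rails compares the submitted (masked) token against the raw token stored in the session, so if the session cookie does not come back with the POST (host/domain mismatch, or a Secure cookie dropped on a plain-http hop between nginx and Puma) the check fails with a fresh, empty session. The following is an added example, not code from the question or the answers: a stand-alone Ruby model of Rails 5's token masking and verification (simplified from ActionController::RequestForgeryProtection, not the Rails code itself) with two constructed scenarios, one where the session cookie round-trips and one where it is lost.

```ruby
# Added example: a simplified model of how Rails 5 masks and verifies CSRF
# tokens. It is not Rails code; it exists to show why a hidden field that
# matches the <meta name="csrf-token"> value can still fail verification.
require 'securerandom'
require 'base64'

TOKEN_LENGTH = 32

# The raw token kept in the session. It is only ever sent to the browser
# in masked form (one-time pad + pad XOR raw), so no two renders look alike.
def new_session_token
  SecureRandom.base64(TOKEN_LENGTH) # 32 random bytes -> 44 base64 chars
end

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# What ends up in the <meta> tag and the hidden authenticity_token field:
# 64 bytes (pad || pad XOR raw) base64-encoded, i.e. the 88-char strings
# seen in the question.
def masked_token(session_token)
  raw = Base64.strict_decode64(session_token)
  pad = SecureRandom.random_bytes(raw.bytesize)
  Base64.strict_encode64(pad + xor_bytes(pad, raw))
end

# Recover the raw 32 bytes from a submitted token; nil if it is malformed.
def unmask_token(submitted)
  bytes = Base64.strict_decode64(submitted)
  return nil unless bytes.bytesize == TOKEN_LENGTH * 2
  pad = bytes[0, TOKEN_LENGTH]
  masked = bytes[TOKEN_LENGTH, TOKEN_LENGTH]
  xor_bytes(pad, masked)
rescue ArgumentError
  nil # not valid base64
end

# The server-side check. The only thing compared is the session's raw token
# versus the unmasked submission; no session cookie means no raw token,
# so the result is false however correct the rendered form looked.
def valid_authenticity_token?(session, submitted)
  return false if session[:_csrf_token].nil? || submitted.nil?
  unmasked = unmask_token(submitted)
  return false if unmasked.nil?
  expected = Base64.strict_decode64(session[:_csrf_token])
  return false unless expected.bytesize == unmasked.bytesize
  # Constant-time comparison, as Rails does via ActiveSupport::SecurityUtils.
  expected.bytes.zip(unmasked.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Scenario 1 (constructed): the session cookie set on the GET of the login
# page is sent back with the POST, so Rails sees the same raw token.
def scenario_cookie_returned
  session = { _csrf_token: new_session_token }    # set while rendering the form
  form_token = masked_token(session[:_csrf_token]) # rendered into meta + hidden field
  valid_authenticity_token?(session, form_token)
end

# Scenario 2 (constructed): the form was rendered, but the browser never sent
# the session cookie back (cookie domain differs from the host used, or a
# Secure cookie was dropped on a plain-http hop), so the POST arrives with a
# brand-new empty session.
def scenario_cookie_lost
  rendered_session = { _csrf_token: new_session_token }
  form_token = masked_token(rendered_session[:_csrf_token])
  fresh_session = {} # what Rails sees when no cookie arrives
  valid_authenticity_token?(fresh_session, form_token)
end

if __FILE__ == $PROGRAM_NAME
  puts "cookie returned: #{scenario_cookie_returned}" # true
  puts "cookie lost:     #{scenario_cookie_lost}"     # false
end
```

When debugging a 422 like this, the useful comparison is therefore not meta tag versus hidden field but whether the `_app_session` cookie (or whatever `config.session_store` names it) is present on the POST and carries the same token the page was rendered with; if it is missing, the cause is on the cookie path (domain, Secure flag, X-Forwarded-Proto from nginx) rather than in the form.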
