[英]Getting an ActionController::InvalidAuthenticityToken for my XML
I am working with a third-party API. 我正在使用第三方API。 That server is supposed to POST back to my URL.
该服务器应该回发到我的URL。
My URL is: 我的网址是:
http://www.mydomain.com/teleku/playvoice.xml
The controller has some logic, but basically contains a respond_to do block and the corresponding view is a very basic xml builder. 该控制器具有一些逻辑,但基本上包含一个response_to do块,并且相应的视图是一个非常基本的xml构建器。
However, I get the following error in the logs: 但是,我在日志中收到以下错误:
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): haml (2.2.17) [v] lib/sass/plugin/rails.rb:19:in
process_without_compass' compass (0.8.17) [v] lib/compass/app_integration/rails/action_controller.rb:7:in
process'ActionController :: InvalidAuthenticityToken(ActionController :: InvalidAuthenticityToken):haml(2.2.17)[v] lib / sass / plugin / rails.rb:19:在
process_without_compass' compass (0.8.17) [v] lib/compass/app_integration/rails/action_controller.rb:7:in
中'
要禁用此检查,请将其添加到您的控制器:
protect_from_forgery :except => [:your_method_name]
OK. 好。 This is what i could figure out:
这是我能弄清楚的:
Example explanation: 示例说明:
http://www.teleku.com/examples#highlowruby http://www.teleku.com/examples#highlowruby
From the example gist thats provided by teleku: 从teleku提供的示例要点中可以看出:
http://gist.github.com/raw/317657/38cd329895c79bd49e91304a6fe7cb1f88e02065/HighLow%20Ruby%20Sinatra%20Teleku%20PhoneML%20Voice%20Applications http://gist.github.com/raw/317657/38cd329895c79bd49e91304a6fe7cb1f88e02065/HighLow%20Ruby%20Sinatra%20Teleku%20PhoneML%20Voice%20Applications
It looks like there is no auth token required. 似乎不需要身份验证令牌。 So you can use curl to test,
因此,您可以使用curl进行测试,
curl --data-urlencode "callerinput=lower" http://highlow.heroku.com/guess/10
where my guess is 10 and i am betting lower than the randomly selected number by the dealer. curl --data-urlencode "callerinput=lower" http://highlow.heroku.com/guess/10
其中我的猜测是10,我打赌低于经销商随机选择的数字。 It works. 有用。 But if you want to make it work in your application you should encode the authenticity token into the url too.
但是,如果要使其在您的应用程序中工作,则也应该将真实性令牌编码到url中。 For Example, if the same app had protect_from_forgery enabled, then it would be:
例如,如果同一应用程序启用了protect_from_forgery,则它将是:
curl --data-urlencode "callerinput=lower&authenticity_token=blahblahblah" http://highlow.heroku.com/guess/10"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.