Devise logout when trying to destroy an object (Rails 3.0.5 & Devise 1.1.8)

I upgraded to Rails 3.0.5 & Devise 1.1.8. When I try to delete any object (through a view with :remote => true), I get an authentication dialog and the Devise session is destroyed. Then, I have to log in again, and the object is still there... Does anyone else have this problem? Any ideas on how to solve it?

Thank you very much.

This problem is not related to Devise. In short, since Rails 3.0.4 it is required that every non-GET request should have a CSRF token, otherwise the session gets cleared.

There are two major changes in this fix, the behaviour when CSRF protection fails has changed and the token will now be required for all non-GET requests.

After applying this patch failed CSRF requests will no longer generate HTTP 500 errors, instead the session will be reset. Users can override this behaviour by overriding handle_unverified_request in their own controllers.

More details here: http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

jQuery snippet to use with your AJAX requests

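$(document).ajaxSend(function(e, xhr, options) {
  // Read the token that csrf_meta_tag renders into the layout
  var token = $("meta[name='csrf-token']").attr("content");
  // Skip the header when the meta tag is missing
  if (token) xhr.setRequestHeader("X-CSRF-Token", token);
});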

If you're using Prototype, you'll need the following code:

Ajax.Responders.register({
  onCreate: function(request) {
    var csrf_meta_tag = $$('meta[name=csrf-token]')[0];

    if (csrf_meta_tag) {
      var header = 'X-CSRF-Token',
          token = csrf_meta_tag.readAttribute('content');

      if (!request.options.requestHeaders) {
        request.options.requestHeaders = {};
      }
      request.options.requestHeaders[header] = token;
    }
  }
});
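
The behaviour described in the answer above, as an added example that is not part of the original answer and is not Rails source code: a simplified plain-Ruby model of the check, showing why a DELETE sent without the token ends in a logged-out user and an undeleted record. `ModelController`, `attempt_delete`, the `store` hash, the `:user_id` key and the sample token are assumptions made for the illustration.

```ruby
# Simplified model of the check described above; not Rails source code.
# ModelController, the store hash and the :user_id key are assumptions.
class ModelController
  attr_reader :session, :store

  def initialize(session, store)
    @session = session # server-side session hash
    @store = store     # stands in for the database
  end

  # Runs the CSRF check, then the login check, then the action.
  def process(method, params: {}, headers: {})
    handle_unverified_request unless verified_request?(method, params, headers)
    return 401 unless session[:user_id] # the role Devise's filter plays
    store.delete(params[:id]) if method == 'DELETE'
    200
  end

  private

  # GET is exempt; any other verb must carry the session's token as a
  # form parameter or in the X-CSRF-Token header.
  def verified_request?(method, params, headers)
    return true if method == 'GET'
    expected = session[:_csrf_token]
    [params[:authenticity_token], headers['X-CSRF-Token']].any? do |given|
      expected && given && secure_compare(expected, given)
    end
  end

  # Behaviour since 3.0.4: reset the session instead of raising an error.
  def handle_unverified_request
    session.clear
  end

  # Constant-time comparison (a choice made for this example).
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample: a logged-in session and one record with id 7.
def attempt_delete(headers)
  session = { user_id: 1, _csrf_token: 'constructed-token' }
  store = { 7 => 'record' }
  status = ModelController.new(session, store).process('DELETE', params: { id: 7 }, headers: headers)
  { status: status, logged_in: session.key?(:user_id), record_kept: store.key?(7) }
end
```

Calling `attempt_delete({})` reproduces the symptoms from the question, while passing the `X-CSRF-Token` header with the session's token lets the delete go through.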

I ran into the same trouble, without an AJAX destroy call; it turned out I was just missing <%= csrf_meta_tag %> in the header of an old layout.

I am using Rails 3.0.5, and simply replacing my public/javascript/rails.js with the latest one from here (https://github.com/rails/jquery-ujs/blob/master/src/rails.js) fixed this issue!!

PS: That rails.js should be used when you are using only jQuery!

I had the same problem in Rails 3.0.5 + Devise (1.x + 1.2RC): User is being logged out on certain AJAX requests.

The only solution to avoid this for now is downgrading Rails to 3.0.3.
