无法在rails中验证CSRF令牌的真实性
[英]Can't verify CSRF token authenticity in rails
问题描述
I am using PaypalAdaptive. 
我正在使用PaypalAdaptive。 It sends ipn_notification properly. 它正确发送ipn_notification。 ipnNotification action method is as following - ipnNotification动作方法如下 -
def ipn_notification
ipn = PaypalAdaptive::IpnNotification.new
ipn.send_back(request.raw_post.to_json)
print "=====================request.raw_post#{request.raw_post}=============="
if ipn.verified?
PaymentMailer.notify_unknown(request.raw_post).deliver
else
logger.info "IT DIDNT WORK"
end
render :nothing => true
end
but it's returning error 但它返回错误
WARNING: Can't verify CSRF token authenticity rails
Any help for this problem. 对此问题有任何帮助。
3 个解决方案
解决方案1
18 已采纳 2012-08-16 12:44:46
In your controller: 在你的控制器中:
skip_before_filter :verify_authenticity_token, :only => [:ipn_notification]
For people reading to quickly and distribute -1 (skipping an important part: it's not a POST call from the client...): 对于快速阅读并分发-1的人(跳过一个重要部分:它不是来自客户端的POST调用...):
yes it skips a security BUT... Read after...
是的,它会跳过安全但是...之后阅读...... yes, it's the only way for external website POST requests
是的,这是外部网站POST请求的唯一方式 yes it's safe: you obviously check params and keys when receiving a call from Paypal or alike.
是的,它是安全的:当你接到Paypal或类似的电话时,你显然会检查参数和密钥。
解决方案2
14 2013-03-09 21:57:49
The correct solution for this problem without compromising security 在不影响安全性的情况下解决此问题的正确方法
In your ajax request send the csrf token value as header. 在您的ajax请求中,将csrf标记值作为标头发送。
var csrfToken = $("meta[name='csrf-token']").attr("content");
$.ajaxSetup({
headers: {
'X-CSRF-Token': csrfToken
}
});
解决方案3
4 2013-12-25 13:45:51
Add the following line in your application.js 在application.js中添加以下行
//= require jquery_ujs
And try. 并尝试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.