Rails facebook Iframe 应用程序错误：InvalidAuthenticityToken

Question

当我访问我的 facebook iframe 应用程序时出现此错误：

The change you wanted was rejected.

Maybe you tried to change something you didn't have access to.

Heroku 日志：

2011-06-05T08:30:41+00:00 app[web.1]: Started POST "/facebook/" for xxxx
03 at 2011-06-05 10:30:41 +0200
2011-06-05T08:30:41+00:00 heroku[router]: POST www.vinderhimlen.dk/facebook/ dyn
o=web.1 queue=0 wait=0ms service=39ms bytes=711
2011-06-05T08:30:41+00:00 app[web.1]:
2011-06-05T08:30:41+00:00 app[web.1]: ActionController::InvalidAuthenticityToken
 (ActionController::InvalidAuthenticityToken):
2011-06-05T08:30:41+00:00 app[web.1]:
2011-06-05T08:30:41+00:00 app[web.1]:
2011-06-05T08:30:41+00:00 app[web.1]:
2011-06-05T08:30:45+00:00 heroku[web.1]: Stopping process with SIGTERM
2011-06-05T08:30:45+00:00 app[web.1]: >> Stopping ...
2011-06-05T08:30:45+00:00 heroku[web.1]: Process exited

Iceberg@ICEBERG-PC /c/rails/konkurranceportalen (master)
$

Answer 1

默认情况下，Rails 要求每个 POST 都包含一个标记作为隐藏字段。

这可以保护您的应用免受跨站点请求伪造。

请参阅 Rails 请求伪造保护文档。

skip_before_filter:verify_authenticity_token可能对进一步调试有用。