如果protect_from_forgery在application_controller中提到了该选项,那么我可以登录并执行任何GET请求,但是在第一次POST请求时,Rails会重置会话,这会导致我退出.
我protect_from_forgery暂时关闭了该选项,但想将它与Angular.js一起使用.有办法做到这一点吗?
当我尝试POST时RestKit,Rails控制台中有一个警告:
Started POST "/friends" for 127.0.0.1 at 2012-04-16 09:58:10 +0800
Processing by FriendsController#create as */*
Parameters: {"friend"=>{"myself_id"=>"m001", "friend_id"=>"f001"}}
WARNING: Can't verify CSRF token authenticity
(0.1ms) BEGIN
SQL (1.7ms) INSERT INTO `friends` (`friend_id`, `myself_id`) VALUES ('f001', 'm001')
(1.1ms) COMMIT
Redirected to http://127.0.0.1:3000/friends/8
Completed 302 Found in 6ms (ActiveRecord: 3.0ms)
这是客户端代码:
NSMutableDictionary *attributes = [[NSMutableDictionary alloc] init];
[attributes setObject: @"f001" forKey: @"friend_id"];
[attributes setObject: @"m001" forKey: @"myself_id"];
NSMutableDictionary *params = [NSMutableDictionary dictionaryWithObject:attributes forKey:@"friend"];
[[RKClient sharedClient] post:@"/friends" params:params delegate:self];
我该如何摆脱警告?