出于某种原因,当使用json或xml向我的应用程序发出请求时,我得到一个InvalidAuthenticityToken.我的理解是rails应该只为html或js请求提供真实性令牌,因此我不应该遇到这个错误.到目前为止,我发现的唯一解决方案是禁用protect_from_forgery来执行我想通过API访问的任何操作,但由于显而易见的原因,这并不理想.思考?
def create
respond_to do |format|
format.html
format.json{
render :json => Object.create(:user => @current_user, :foo => params[:foo], :bar => params[:bar])
}
format.xml{
render :xml => Object.create(:user => @current_user, :foo => params[:foo], :bar => params[:bar])
}
end
end
每当我将请求传递给操作时,这就是我在日志中获得的内容:
Processing FooController#create to json (for 127.0.0.1 at 2009-08-07 11:52:33) [POST]
Parameters: {"foo"=>"1", "api_key"=>"44a895ca30e95a3206f961fcd56011d364dff78e", "bar"=>"202"}
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
thin (1.2.2) lib/thin/connection.rb:76:in `pre_process'
thin (1.2.2) lib/thin/connection.rb:74:in `catch'
thin (1.2.2) lib/thin/connection.rb:74:in `pre_process'
thin (1.2.2) lib/thin/connection.rb:57:in `process'
thin (1.2.2) lib/thin/connection.rb:42:in `receive_data'
eventmachine (0.12.8) lib/eventmachine.rb:242:in `run_machine'
eventmachine (0.12.8) …它不仅可以在HTML中填写表单,还可以发送包含参数的发布请求.例如,如果将Accept标志设置为'application/JSON',是否可以关闭真实性标记在HTTP标头?