我正在使用devise(最新版本 - 3.2.0)rails(最新版本 - 4.0.1)
我正在进行简单的身份验证(没有ajax或api)并且收到CSRF真实性令牌的错误.检查下面的POST请求
started POST "/users/sign_in" for 127.0.0.1 at 2013-11-08 19:48:49 +0530
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"?",
"authenticity_token"=>"SJnGhXXUXjncnPhCdg3muV2GYCA8CX2LVFV78pqddD4=", "user"=>
{"email"=>"a@a.com", "password"=>"[FILTERED]", "remember_me"=>"0"},
"commit"=>"Sign in"}
Can't verify CSRF token authenticity
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."email" =
'a@a.com' LIMIT 1
(0.1ms) begin transaction
SQL (0.4ms) UPDATE "users" SET "last_sign_in_at" = ?, "current_sign_in_at" = ?,
"sign_in_count" = ?, "updated_at" = ? WHERE "users"."id" = 2 [["last_sign_in_at", Fri,
08 Nov 2013 …我想通过JSON进行新的用户注册,但是我收到了无效的真实性令牌错误.
我想不要为所有控制器打开伪造检查.有关如何覆盖registrationcontroller的任何建议吗?
这是我的代码:
class Api::MobileRegistrationsController < Devise::RegistrationsController
skip_before_filter :verify_authenticity_token
respond_to :json
def create
super
end
end
路线:
Whitney::Application.routes.draw do
resources :apps
devise_for :users
namespace :api do
resources :tokens, :only => [:create, :destroy]
resources :MobileRegistrations, :only => [:create]
end
我收到一个错误:
Routing Error
uninitialized constant Api::MobileRegistrationsController
我正在使用第三方库生成一个原始XMLHttpRequest的new XMLHttpRequest.
这绕过了我的CSRF保护并被我的rails服务器击落.
有没有办法在实例化时将全局添加预定义的CSRF令牌($('meta[name=csrf-token]').attr('content'))添加到所有实例XMLHttpRequest?
我正在将ios app与rails服务器集成.在这里,我已经实现了设计认证.当一个新人从我的应用程序注册时,我的日志中出现以下错误
Processing by Devise::RegistrationsController#create as JSON
Parameters: {"password_confirmation"=>"[FILTERED]", "email"=>"sss@example.com", "password"=>"[FILTERED]", "registration"=>{"password_confirmation"=>"[FILTERED]", "email"=>"sss@example.com", "password"=>"[FILTERED]"}}
WARNING: Can't verify CSRF token authenticity
(0.1ms) begin transaction
(0.0ms) rollback transaction
Completed 406 Not Acceptable in 28ms (ActiveRecord: 0.7ms)
我正在尝试为我的 Rails 应用程序构建 JSON API,并编写了以下方法:
def create
organization = Organization.find(params[:organization][:node_id])
node = organization.nodes.build(nodes_params.except[:id])
if node.save
render json: node, status: :ok
else
render json: node, status: :bad_request
end
end
在 Postman 中尝试该方法会返回错误:“无法验证 CSRF 令牌的真实性”。基于这篇文章,我将下面的代码添加到基本控制器中。不幸的是,这没有什么区别。有人了解错误的原因吗?
protect_from_forgery
skip_before_action :verify_authenticity_token, if: :json_request?
private
def json_request?
request.format.json?
end
我有一个使用Devise进行身份验证的本机Rails应用程序(使用token_authenticatable模块).使用现有帐户,一旦获得令牌,我就可以使用JSON在我的原生iOS应用程序中成功执行API调用.
我想添加通过iOS应用程序创建新帐户的功能,而无需使用浏览器.Devise只允许通过HTML创建帐户吗?
我看过这篇文章 Rails/Devise - 通过json请求创建新用户
并通过CURL尝试了各种各样的事情,包括:
$ curl -H "Content-Type: application/json" -d '{"email":"who@me.com","password":"mypass"}' -vX POST http://localhost:5000/users.json
...
* Connected to localhost (127.0.0.1) port 5000 (#0)
> POST /users.json HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:5000
> Accept: */*
> Content-Type: application/json
> Content-Length: 44
>
* upload completely sent off: 44 out of 44 bytes
< HTTP/1.1 406 Not Acceptable
< Content-Type: application/json; charset=utf-8
< X-Ua-Compatible: IE=Edge
< Cache-Control: …