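I am developing an Ionic mobile application that communicates with my Rails backend server using a JSON API. I have read that AngularJS will automatically handle XSRF protection by sending an X-XSRF-TOKEN header on POST requests if the first GET request returns a cookie named XSRF-TOKEN.
I updated my Rails application_controller.rb as follows: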
class ApplicationController < ActionController::Base
  protect_from_forgery
  after_filter :set_access_control_headers
  after_filter :set_csrf_cookie_for_ng

  def after_sign_in_path_for(resource)
    main_path
  end

  def after_sign_out_path_for(resource)
    login_path
  end

  ##
  # Sets headers to support AJAX Cross-Origin Resource Sharing.
  # This is only needed for testing within browser (i.e. mobile apps do not need it).
  ##
  def set_access_control_headers
    # hosts who can make AJAX requests
    headers['Access-Control-Allow-Origin'] = 'http://localhost:8100'
    headers['Access-Control-Request-Method'] = '*'
    headers['Access-Control-Allow-Headers'] …
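
The cookie-to-header exchange described in the question, as an added example that is not part of the original post and is not Rails' own implementation. The class XsrfGuard, its method names and the walk-through function are hypothetical, and plain hashes stand in for the session, cookie jar and request headers.

```ruby
require 'securerandom'

# Hypothetical stand-in for the server side (not Rails' own implementation).
# Plain hashes play the session, the cookie jar and the request headers.
class XsrfGuard
  COOKIE = 'XSRF-TOKEN'    # cookie AngularJS reads
  HEADER = 'X-XSRF-TOKEN'  # header AngularJS sends back
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

  # On a response: keep the token in the server-side session and mirror it
  # into a script-readable cookie (so it cannot be HttpOnly).
  def issue(session, cookies)
    session[:xsrf] ||= SecureRandom.urlsafe_base64(32)
    cookies[COOKIE] = session[:xsrf]
  end

  # On a request: state-changing methods must echo the session token in the header.
  def verified?(method, session, headers)
    return true if SAFE_METHODS.include?(method)
    expected = session[:xsrf]
    supplied = headers[HEADER]
    return false unless expected.is_a?(String) && supplied.is_a?(String)
    secure_equal?(expected, supplied)
  end

  private

  # Compare without returning early at the first differing byte.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed walk-through: returns the verdict for each kind of request.
def xsrf_walkthrough
  guard, session, cookies = XsrfGuard.new, {}, {}
  guard.issue(session, cookies) # first GET sets the cookie
  echoed = { XsrfGuard::HEADER => cookies[XsrfGuard::COOKIE] }
  {
    app_post: guard.verified?('POST', session, echoed), # client copied cookie into header
    no_header: guard.verified?('POST', session, {}),    # cookie sent automatically, header absent
    wrong_token: guard.verified?('POST', session, { XsrfGuard::HEADER => 'A' * 43 })
  }
end

p xsrf_walkthrough if __FILE__ == $PROGRAM_NAME
```

The check relies on the token living in the server-side session: a request that carries the session cookie but no matching header is rejected.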