Ruby on rails 3 IE/Safari未正确保存/读取cookie CSRF?
我有一个基于MichaelHartl的RubyonRails教程(第二版)的用户模型,它在本地运行时效果很好,从linux机器托管,但当我部署到Heroku时,IE ans Safari出现了问题。(Chrome和firefox很好用。)我使用cookie设置当前用户的值,我经常在网站上调用该值 这是我的会话\u helper.rbRuby on rails 3 IE/Safari未正确保存/读取cookie CSRF?,ruby-on-rails-3,cookies,heroku,Ruby On Rails 3,Cookies,Heroku,我有一个基于MichaelHartl的RubyonRails教程(第二版)的用户模型,它在本地运行时效果很好,从linux机器托管,但当我部署到Heroku时,IE ans Safari出现了问题。(Chrome和firefox很好用。)我使用cookie设置当前用户的值,我经常在网站上调用该值 这是我的会话\u helper.rb module SessionsHelper def sign_in(user) cookies.permanent[:remember_token]
module SessionsHelper
def sign_in(user)
cookies.permanent[:remember_token] = user.remember_token
self.current_user = user
end
def signed_in?
!current_user.nil?
end
def current_user=(user)
@current_user = user
end
def current_user
@current_user ||= User.find_by_remember_token(cookies[:remember_token])
end
def current_user?(user)
user == current_user
end
def signed_in_user
unless signed_in?
store_location
redirect_to signin_url, notice: "Please sign in."
end
end
def sign_out
self.current_user = nil
cookies.delete(:remember_token)
end
def redirect_back_or(default)
redirect_to(session[:return_to] || default)
session.delete(:return_to)
end
def store_location
session[:return_to] = request.url
end
end
def new
end
def create
user = User.find_by_email(params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
sign_in user
redirect_back_or user
else
flash.now[:error] = 'Invalid email/password combination'
render 'new'
end
end
def destroy
sign_out
redirect_to root_url
end
end
2012-11-06T19:28:08+00:00 app[web.1]: Started POST "/sessions" for XXX.XXX.XXX.XXX at 2012-11-06 19:28:08 +0000
2012-11-06T19:28:08+00:00 app[web.1]: Processing by SessionsController#create as HTML
2012-11-06T19:28:08+00:00 app[web.1]: Parameters: {"utf8"=>"â", "authenticity_token"=>"Eh3xta4VHlHgBVEKiLn3CRKgWb5xFbAx91eNJlYFySs=", "session"=>{"email"=>"A@User.com", "password"=>"[FILTERED]"}, "commit"=>"Sign in"}
2012-11-06T19:28:08+00:00 app[web.1]: WARNING: Can't verify CSRF token authenticity
2012-11-06T19:28:08+00:00 app[web.1]: Redirected to https://some-app_1234.herokuapp.com/users/1
2012-11-06T19:28:08+00:00 app[web.1]: Completed 302 Found in 391ms (ActiveRecord: 16.1ms)
2012-11-06T19:28:08+00:00 heroku[router]: POST some-app-1234.herokuapp.com/sessions dyno=web.1 queue=0 wait=0ms service=508ms status=302 bytes=114
2012-11-06T19:28:09+00:00 app[web.1]:
2012-11-06T19:28:09+00:00 app[web.1]:
2012-11-06T19:28:09+00:00 app[web.1]: Started GET "/users/1" for XXX.XXX.XXX.XXX at 2012-11-06 19:28:09 +0000
2012-11-06T19:28:09+00:00 app[web.1]: Processing by UsersController#show as HTML
2012-11-06T19:28:09+00:00 app[web.1]: Parameters: {"id"=>"1"}
2012-11-06T19:28:09+00:00 app[web.1]: Rendered shared/_stats.html.erb (205.2ms)
2012-11-06T19:28:09+00:00 app[web.1]: Rendered microposts/_micropost.html.erb (15.0ms)
2012-11-06T19:28:09+00:00 app[web.1]: Rendered users/show.html.erb within layouts/application (247.6ms)
2012-11-06T19:28:09+00:00 app[web.1]: Rendered layouts/_shim.html.erb (0.0ms)
2012-11-06T19:28:09+00:00 app[web.1]: Rendered layouts/_header.html.erb (1.2ms)
2012-11-06T19:28:09+00:00 app[web.1]: Rendered layouts/_footer.html.erb (0.3ms)
2012-11-06T19:28:09+00:00 app[web.1]: Completed 200 OK in 256ms (Views: 52.5ms | ActiveRecord: 202.4ms)
2012-11-06T19:28:09+00:00 heroku[router]: GET some-app-1234.herokuapp.com/users/1 dyno=web.1 queue=0 wait=0ms service=544ms status=200 bytes=2394
问题是我正在使用iframe进行dns转发!这使得cookie成为第三方cookie。如果我转发到实际的heroku地址,问题就解决了。希望我的愚蠢能帮助其他人。解决了这个问题,但我如何从第三方cookie更改为第一方cookie。