Ruby on rails 升级到rails 5后,I';尝试登录时收到无效的CSRF令牌错误
我使用Desive进行身份验证,但在我从rails 4升级到rails 5之后,即使请求中包含CSRF令牌,我也无法登录 这是我看到的服务器日志:Ruby on rails 升级到rails 5后,I';尝试登录时收到无效的CSRF令牌错误,ruby-on-rails,ruby-on-rails-5,Ruby On Rails,Ruby On Rails 5,我使用Desive进行身份验证,但在我从rails 4升级到rails 5之后,即使请求中包含CSRF令牌,我也无法登录 这是我看到的服务器日志: Started POST "/users/sign_in" for 127.0.0.1 at 2019-04-02 15:27:09 +1100 Processing by Users::SessionsController#create as HTML Parameters: {"utf8"=>"✓", "authenticity_to
Started POST "/users/sign_in" for 127.0.0.1 at 2019-04-02 15:27:09 +1100
Processing by Users::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"q3Ui2rNEIIuRcpNxpbhbIxYLWuYcfd4FxBzIHKgBvdFLUZ96gTIJSQ37kfziG82Vg77NHfdvEkIrThfG6ySpiQ==", "user"=>{"email"=>"xxx", "password"=>"[FILTERED]", "remember_me"=>"0"}}
User Load (0.5ms) SELECT `users`.* FROM `users` WHERE `users`.`email` = 'xxx' ORDER BY `users`.`id` ASC LIMIT 1
(0.2ms) BEGIN
SQL (0.3ms) UPDATE `users` SET `current_sign_in_at` = '2019-04-02 03:46:49', `sign_in_count` = 16, `updated_at` = '2019-04-02 03:46:49' WHERE `users`.`id` = 2
(2.2ms) COMMIT
Can't verify CSRF token authenticity.
(0.2ms) BEGIN
(0.1ms) COMMIT
User Load (0.3ms) SELECT `users`.* FROM `users` WHERE `users`.`email` = 'xxx' ORDER BY `users`.`id` ASC LIMIT 1
(0.2ms) BEGIN
SQL (0.4ms) UPDATE `users` SET `last_sign_in_at` = '2019-04-02 03:46:49', `sign_in_count` = 17 WHERE `users`.`id` = 2
(0.3ms) COMMIT
显然,当我跳过真实性令牌验证时,问题就消失了。在仔细研究之后,我发现了这条线索,特别是: 对于Rails 5,请注意,
protect\u from\u fagerybefore\u actionauthenticate\u userprotect\u from\u fagery防止伪造prepend:true(感谢马克·梅里特,他也指出了同样的问题)在仔细研究之后,我发现了这条线索,特别是: 对于Rails 5,请注意,
protect\u from\u fagerybefore\u actionauthenticate\u userprotect\u from\u fagery防止伪造prepend:true