Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/ruby-on-rails/58.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Ruby on rails Rails 4.1.8:身份验证令牌赢得';无法验证_Ruby On Rails_Ajax - Fatal编程技术网
Fatal编程技术网
  • ruby-on-rails/
  • Ruby on rails Rails 4.1.8:身份验证令牌赢得';无法验证

Ruby on rails Rails 4.1.8:身份验证令牌赢得';无法验证

ruby-on-rails ajax

Ruby on rails Rails 4.1.8:身份验证令牌赢得';无法验证,ruby-on-rails,ajax,Ruby On Rails,Ajax,我是Rails的新手。我有 <%= csrf_meta_tags %> <%= javascript_tag "var AUTH_TOKEN = '#{form_authenticity_token}';" if protect_against_forgery? %> 在我的ajax方法中,数据。我验证了这两个令牌,即post方法头身份验证令牌X-CSRF-token和我发送的Auth_令牌是相同的。我仍然收到无法验证CSRF令牌真实性的错误。我不想跳过安全程序

我是Rails的新手。我有

  <%= csrf_meta_tags %>
  <%= javascript_tag "var AUTH_TOKEN = '#{form_authenticity_token}';" if protect_against_forgery? %>
在我的ajax方法中,
数据
。我验证了这两个令牌,即post方法头身份验证令牌
X-CSRF-token
和我发送的
Auth_令牌
是相同的。我仍然收到
无法验证CSRF令牌真实性的错误。我不想跳过安全程序,我需要一个合适的方法来处理这个问题。有什么想法吗?提前谢谢

表格


 <h3 id="emailModalLabel">Tell Your Friends About Us</h3>
 <form class="form-horizontal col-sm-12 validate" name="emailForm" id="emailForm">
    <div class="form-group"><label>Your Name *</label><label class="error" for="your_name" generated="true"></label><input id="your_name" name="your_name" class="form-control required" placeholder="Your name" data-placement="top" data-trigger="manual" data-content="Must be at least 3 characters long, and must only contain letters." type="text"></div>
    <div class="form-group"><label>Your E-Mail *</label><input id="your_email" name="your_email" class="form-control required email" placeholder="email@you.com (so that your friend can reply to you)" data-placement="top" data-trigger="manual" data-content="Must be a valid e-mail address (user@gmail.com)" type="email"></div>
    <div class="form-group"><label>Friend's Name *</label><input id="friend_name" name="friend_name" class="form-control required" placeholder="Your friend's name" data-placement="top" data-trigger="manual" data-content="Must be at least 3 characters long, and must only contain letters." type="text"></div>
    <div class="form-group"><label>Friend's E-Mail *</label><input id="friend_email" name="friend_email" class="form-control required email" placeholder="email@friend.com (so that you can email them)" data-placement="top" data-trigger="manual" data-content="Must be a valid e-mail address (user@gmail.com)" type="email"></div>
    <div class="form-group"><label>Message</label><textarea id="message" name="message" class="form-control" rows="5" placeholder="Your message here.." data-placement="top" data-trigger="manual"></textarea></div>
    <div class="form-group"><p class="help-block pull-left text-danger hide" id="form-error">&nbsp; The form is not valid. </p></div>
    <span class="pull-right"><button class="btn col-md-5 col-sm-5 col-xs-5" data-dismiss="modal" aria-hidden="true">Cancel</button><button id="emailSubmit" type="submit" class="btn btn-default pull-right col-md-5 col-sm-5 col-xs-5">Send It!</button></span>
</form>



ajax请求中的
数据
序列化的
,因此它是一个字符串,我正在向该字符串添加令牌。
这里最好的解决方案是实现
表单标签
内置rails帮助器,如:


<%= form_tag '#', class: 'form-horizontal col-sm-12 validate', name: 'emailForm', id: 'emailForm' do %>
  <div class="form-group">
    <label>Your Name *</label>
    <label class="error" for="your_name" generated="true"></label>
    <%= text_field_tag "your_name", "", id: 'your_name', class: 'form-control required', placeholder: 'Your name', data: { placement: 'top', trigger: 'manual', content: 'Must be at least 3 characters long, and must only contain letters.' }%>
  </div>
  .
  .
  .
<% end %>




你的名字*
.
.
.


注意,我刚刚包含了第一个text\u fiel\u标记,您可以使用Rails包含任何其他字段标记

这背后是什么?Rails使用令牌来防止CSRF攻击

对于ajax调用,您必须序列化表单中的数据,然后像您已经在做的那样发送数据


使用Rails时的一个好提示是,尽量使用内置帮助程序,例如表单、图像、链接等。
能否提供构建表单的方法?您的Ajax是通过POST或GET发送的
data:data+“&authenticity\u-token=“+AUTH\u-token
原始
data
实际上是一个字符串或对象?编辑我的问题,添加ajax请求。

$("#emailForm").validate({
    rules:{
        your_name: {required: true},
        your_email: {required: true, email: true},
        friend_email: {required: true, email: true},
        friend_name: {required: true}
    },
    submitHandler: function(form) {
        $("#emailSubmit").prop("disabled", true);
        var data = $("form#emailForm").serialize();
        $.ajax({
            type: "POST",
            url: "/send",//process to mail
            data: data + "&authenticity_token="+AUTH_TOKEN,
            success: function(msg){
                if(msg['success']){
                    $(".successContainer").toggleClass( "hide", 1000, "easeOutSine" );
                    setTimeout("$('#emailModal').modal('hide')", 5000);
                }else{
                    $(".errorContainer").toggleClass( "hide", 1000, "easeOutSine" );
                }


            },
            error: function(){
                $(".errorContainer").toggleClass( "hide", 1000, "easeOutSine" );
            }
        });
    }

});



<%= form_tag '#', class: 'form-horizontal col-sm-12 validate', name: 'emailForm', id: 'emailForm' do %>
  <div class="form-group">
    <label>Your Name *</label>
    <label class="error" for="your_name" generated="true"></label>
    <%= text_field_tag "your_name", "", id: 'your_name', class: 'form-control required', placeholder: 'Your name', data: { placement: 'top', trigger: 'manual', content: 'Must be at least 3 characters long, and must only contain letters.' }%>
  </div>
  .
  .
  .
<% end %>