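I'm developing a simple website that lets admins create questions and users solve them. I use ActiveAdmin for the admin part and simple AJAX calls for the user solving part. Logging in through ActiveAdmin::Devise succeeded, but then I could not log in. I deleted all the cookies, and since then I can't make a POST without getting a CSRF token authenticity exception. I have the correct meta tags in the head of my application.html.erb, jquery_ujs is declared (other threads say it's a common problem), and the authenticity token is present in both POST actions. I even tried to avoid the validation via skip_before_filter :verify_authenticity_token, but both the ActiveAdmin login and the POST sample keep failing. The logs are below, and you can see the tokens are present. I'm also including the Gemfile in case any of the gems breaks CSRF.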
> Rails version [4.1.0]
> Ruby version [2.1]
> Phusion Passenger version [4.0.41]

Thanks in advance.
application.html.erb
```erb
<head>
  <title>Introducción Matematicas</title>
  <%= stylesheet_link_tag "application", media: "all" %>
  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
  <link href="http://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700|Roboto+Slab:300,400" rel="stylesheet" type="text/css">
  <%= csrf_meta_tags %>
</head>
```
application.js

```js
//= require jquery
//= require jquery_ujs
//= require_tree ../../../vendor/assets/javascripts/.
//= require_tree .
```
Application controller

```ruby
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :null_session
  #skip_before_filter :verify_authenticity_token
  before_filter :configure_permitted_parameters, if: :devise_controller?

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) do |u|
      u.permit :name, :college, :email, :password, :password_confirmation
    end
  end
end
```
Admin login log

```
INFO -- : Processing by ActiveAdmin::Devise::SessionsController#create as HTML
INFO -- : Parameters: {"utf8"=>"✓","authenticity_token"=>"aRZK3470X6+FJPANEuHAiwVW4NZwMzCkXtoZ1qlhQ0o=","admin_user"=>{"email"=>"omar@gmail.com","password"=>"[FILTERED]","remember_me"=>"0"},"commit"=>"Login"}
WARN -- : Can't verify CSRF token authenticity
INFO -- : Completed 401 Unauthorized in 110ms
INFO -- : Processing by ActiveAdmin::Devise::SessionsController#new as HTML
INFO -- : Parameters: {"utf8"=>"✓","commit"=>"Login"}
WARN -- : Can't verify CSRF token authenticity
INFO -- : Rendered vendor/cache/ruby/2.1.0/bundler/gems/active_admin-a460d8d2ab37/app/views/active_admin/devise/shared/_links.erb (2.0ms)
INFO -- : Rendered vendor/cache/ruby/2.1.0/bundler/gems/active_admin-a460d8d2ab37/app/views/active_admin/devise/sessions/new.html.erb within layouts/active_admin_logged_out (73.0ms)
INFO -- : Completed 200 OK in 302ms (Views: 80.2ms | ActiveRecord: 0.0ms)
```
Log of a simple POST via AJAX

```
INFO -- : Processing by QuestionsController#check_question as JS
INFO -- : Parameters: {"utf8"=>"✓","que_id"=>"44","authenticity_token"=>"CjaAx+B36JPc1PUIhta0vIuOTKX4UhrFWlmYHAd+KWY=","question"=>{"id"=>"169"},"commit"=>"Verificar Respuesta","id"=>"6"}
WARN -- : Can't verify CSRF token authenticity
INFO -- : Rendered answers/_answer.html.erb (1.2ms)
INFO -- : Rendered questions/check_question.js.erb (17.0ms)
INFO -- : Completed 200 OK in 94ms
```
Gemfile

```ruby
source 'https://rubygems.org'
gem 'rails', '4.1.0'
#gem 'ckeditor'
gem 'mysql2', "0.3.15"
gem 'devise'
gem 'activeadmin', github: 'gregbell/active_admin'
gem 'sass-rails', '~> 4.0.0'
gem 'uglifier', '>= 1.3.0'
gem 'execjs'
gem 'therubyracer'
gem 'coffee-rails', '~> 4.0.0'
gem 'jquery-rails'
gem 'turbolinks'
gem 'jbuilder', '~> 1.2'
group :doc do
  gem 'sdoc', require: false
end
gem 'minitest'
```
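
A log triage sketch for the symptom above, added here as an example and not part of the original post: it separates requests that arrived without a token from requests whose token was submitted but rejected. Rails checks the submitted token against the one held in the session, so the second class points at session or cookie state rather than at the form markup. The `Request` struct, the function names and the sample log are constructed for illustration.

```ruby
# Constructed sample in the log format shown in the post (tokens and e-mail are made up).
SAMPLE_LOG = <<~'LOG'
  INFO -- : Processing by ActiveAdmin::Devise::SessionsController#create as HTML
  INFO -- : Parameters: {"authenticity_token"=>"AAAA=","admin_user"=>{"email"=>"a@example.test"},"commit"=>"Login"}
  WARN -- : Can't verify CSRF token authenticity
  INFO -- : Completed 401 Unauthorized in 110ms
  INFO -- : Processing by ActiveAdmin::Devise::SessionsController#new as HTML
  INFO -- : Parameters: {"commit"=>"Login"}
  WARN -- : Can't verify CSRF token authenticity
  INFO -- : Completed 200 OK in 302ms
  INFO -- : Processing by QuestionsController#index as HTML
  INFO -- : Completed 200 OK in 20ms
LOG

Request = Struct.new(:action, :token, :csrf_warning, :status)

# Group log lines into requests; each "Processing by" line starts a new one.
def parse_requests(log)
  requests = []
  log.each_line do |line|
    case line
    when /Processing by (\S+) as/
      requests << Request.new($1, nil, false, nil)
    when /Parameters: .*"authenticity_token"=>"([^"]*)"/
      requests.last.token = $1 if requests.last
    when /Can't verify CSRF token authenticity/
      requests.last.csrf_warning = true if requests.last
    when /Completed (\d{3})/
      requests.last.status = $1.to_i if requests.last
    end
  end
  requests
end

# :token_missing  -> the form or AJAX call never sent a token
# :token_rejected -> a token was sent but did not match the session's
def classify(req)
  return :ok unless req.csrf_warning
  req.token.nil? || req.token.empty? ? :token_missing : :token_rejected
end

def triage(log)
  parse_requests(log).map { |r| [r.action, classify(r), r.status] }
end

triage(SAMPLE_LOG).each { |action, verdict, status| puts "#{verdict}\t#{status}\t#{action}" }
```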