我有一个带有Rails API的创建路由。它对邮递员很好。但它冻结了我正在建造的实际网站。
我认为*我已经处理了csrf保护,但我确实看到'无法验证CSRF令牌的真实性。'在下面的heroku日志中。我在应用程序控制器中有'protect_from_forgery with::null_session'。
我无法弄清楚发生了什么。这是完整的控制器:
class PostsController < ApplicationController
# controls error handling
# rescue_from ActiveRecord::RecordInvalid, with: :render_unprocessable_entity_response
rescue_from ActiveRecord::RecordNotFound, with: :render_not_found_response
def index
@posts = Post.all
render json: @posts, include: 'comments', status: 200
end
def create
@post = Post.new(post_params)
if @post.save
render json: @post, status: 201
else
render json: {status: "error", code: 400, message: "Not all required params were provided"}, status: 400
end
end
private
# defines the data in the post model
def post_params
params.permit(:content, :title)
end
def render_not_found_response(exception)
render json: {
message: "Validation Failed",
errors: exception.message,
location: 'id'
}, status: 422
end
end
应用程序控制器:
class ApplicationController < ActionController::Base
# prevents csrf blocking
protect_from_forgery with: :null_session
end
以下是heroku的完整错误日志:
2018-04-26T22:38:30.591225+00:00 heroku[router]: at=info method=OPTIONS path="/posts" host=seabolt-rails-api.herokuapp.com request_id=b3fcf1fa-fc7f-4a7c-a9fe-d41af12d9bab fwd="73.71.195.204" dyno=web.1 connect=1ms service=2ms status=200 bytes=335 protocol=https
2018-04-26T22:38:30.702794+00:00 app[web.1]: I, [2018-04-26T22:38:30.701935 #4] INFO -- : [c6c143d4-2846-40c2-b1fd-153defae6312] Processing by PostsController#create as */*
2018-04-26T22:38:30.691208+00:00 app[web.1]: I, [2018-04-26T22:38:30.690928 #4] INFO -- : [c6c143d4-2846-40c2-b1fd-153defae6312] Started POST "/posts" for 73.71.195.204 at 2018-04-26 22:38:30 +0000
2018-04-26T22:38:30.702806+00:00 app[web.1]: I, [2018-04-26T22:38:30.702579 #4] INFO -- : [c6c143d4-2846-40c2-b1fd-153defae6312] Parameters: {"newPost"=>{"title"=>"sdfdsfsd", "content"=>"sfdfsdsfd"}, "post"=>{}}
2018-04-26T22:38:30.705007+00:00 app[web.1]: W, [2018-04-26T22:38:30.704875 #4] WARN -- : [c6c143d4-2846-40c2-b1fd-153defae6312] Can't verify CSRF token authenticity.
2018-04-26T22:38:30.712141+00:00 app[web.1]: D, [2018-04-26T22:38:30.711967 #4] DEBUG -- : [c6c143d4-2846-40c2-b1fd-153defae6312] (1.3ms) BEGIN
2018-04-26T22:38:30.734534+00:00 app[web.1]: D, [2018-04-26T22:38:30.734374 #4] DEBUG -- : [c6c143d4-2846-40c2-b1fd-153defae6312] (1.2ms) ROLLBACK
2018-04-26T22:38:30.735886+00:00 app[web.1]: I, [2018-04-26T22:38:30.735792 #4] INFO -- : [c6c143d4-2846-40c2-b1fd-153defae6312] Completed 400 Bad Request in 33ms (Views: 0.6ms | ActiveRecord: 2.6ms)
2018-04-26T22:38:30.737444+00:00 heroku[router]: at=info method=POST path="/posts" host=seabolt-rails-api.herokuapp.com request_id=c6c143d4-2846-40c2-b1fd-153defae6312 fwd="73.71.195.204" dyno=web.1 connect=1ms service=53ms status=400 bytes=613 protocol=https
我在我的控制台中得到了这个,但这是我自己的错误(我想我需要改变它,因为推理似乎不准确:
{status: "error", code: 400, message: "Not all required params were provided"}
以下是启动请求的redux-thunk操作:
export const createPost = newPost => dispatch => {
console.log(newPost)
return fetch(`https://seabolt-rails-api.herokuapp.com/posts `, {
method: 'POST',
headers: {
'content-type': 'application/json'
},
body: JSON.stringify({post: {newPost}})
})
.then(res => normalizeResponseErrors(res))
.then(() => dispatch(getAllPosts()))
.catch(err => console.error(err));
}
我不知道该怎么做。救命啊!