Rails API帖子无效 - csrf?

时间:2018-04-26 22:43:50

标签: ruby-on-rails api

我有一个带有Rails API的创建路由。它对邮递员很好。但它冻结了我正在建造的实际网站。

我认为*我已经处理了csrf保护,但我确实看到'无法验证CSRF令牌的真实性。'在下面的heroku日志中。我在应用程序控制器中有'protect_from_forgery with::null_session'。

我无法弄清楚发生了什么。这是完整的控制器:

class PostsController < ApplicationController
    # controls error handling 
    # rescue_from ActiveRecord::RecordInvalid, with: :render_unprocessable_entity_response
    rescue_from ActiveRecord::RecordNotFound, with: :render_not_found_response

    def index 
        @posts = Post.all
        render json: @posts, include: 'comments', status: 200
    end 

    def create 
        @post = Post.new(post_params)
        if @post.save
            render json: @post, status: 201
        else 
            render json: {status: "error", code: 400, message: "Not all required params were provided"}, status: 400
        end
    end 
   private 

    # defines the data in the post model
    def post_params
        params.permit(:content, :title)
    end

    def render_not_found_response(exception)
    render json: {
        message: "Validation Failed",
        errors: exception.message, 
        location: 'id'
    }, status: 422
    end 
end

应用程序控制器:

class ApplicationController < ActionController::Base
    # prevents csrf blocking
    protect_from_forgery with: :null_session
end

以下是heroku的完整错误日志:

2018-04-26T22:38:30.591225+00:00 heroku[router]: at=info method=OPTIONS path="/posts" host=seabolt-rails-api.herokuapp.com request_id=b3fcf1fa-fc7f-4a7c-a9fe-d41af12d9bab fwd="73.71.195.204" dyno=web.1 connect=1ms service=2ms status=200 bytes=335 protocol=https
2018-04-26T22:38:30.702794+00:00 app[web.1]: I, [2018-04-26T22:38:30.701935 #4]  INFO -- : [c6c143d4-2846-40c2-b1fd-153defae6312] Processing by PostsController#create as */*
2018-04-26T22:38:30.691208+00:00 app[web.1]: I, [2018-04-26T22:38:30.690928 #4]  INFO -- : [c6c143d4-2846-40c2-b1fd-153defae6312] Started POST "/posts" for 73.71.195.204 at 2018-04-26 22:38:30 +0000
2018-04-26T22:38:30.702806+00:00 app[web.1]: I, [2018-04-26T22:38:30.702579 #4]  INFO -- : [c6c143d4-2846-40c2-b1fd-153defae6312]   Parameters: {"newPost"=>{"title"=>"sdfdsfsd", "content"=>"sfdfsdsfd"}, "post"=>{}}
2018-04-26T22:38:30.705007+00:00 app[web.1]: W, [2018-04-26T22:38:30.704875 #4]  WARN -- : [c6c143d4-2846-40c2-b1fd-153defae6312] Can't verify CSRF token authenticity.
2018-04-26T22:38:30.712141+00:00 app[web.1]: D, [2018-04-26T22:38:30.711967 #4] DEBUG -- : [c6c143d4-2846-40c2-b1fd-153defae6312]    (1.3ms)  BEGIN
2018-04-26T22:38:30.734534+00:00 app[web.1]: D, [2018-04-26T22:38:30.734374 #4] DEBUG -- : [c6c143d4-2846-40c2-b1fd-153defae6312]    (1.2ms)  ROLLBACK
2018-04-26T22:38:30.735886+00:00 app[web.1]: I, [2018-04-26T22:38:30.735792 #4]  INFO -- : [c6c143d4-2846-40c2-b1fd-153defae6312] Completed 400 Bad Request in 33ms (Views: 0.6ms | ActiveRecord: 2.6ms)
2018-04-26T22:38:30.737444+00:00 heroku[router]: at=info method=POST path="/posts" host=seabolt-rails-api.herokuapp.com request_id=c6c143d4-2846-40c2-b1fd-153defae6312 fwd="73.71.195.204" dyno=web.1 connect=1ms service=53ms status=400 bytes=613 protocol=https

我在我的控制台中得到了这个,但这是我自己的错误(我想我需要改变它,因为推理似乎不准确:

{status: "error", code: 400, message: "Not all required params were provided"} 

以下是启动请求的redux-thunk操作:

export const createPost = newPost => dispatch => {
    console.log(newPost)
    return fetch(`https://seabolt-rails-api.herokuapp.com/posts `, {
        method: 'POST', 
        headers: {
            'content-type': 'application/json'
        }, 
        body: JSON.stringify({post: {newPost}})
    })
    .then(res => normalizeResponseErrors(res))
    .then(() => dispatch(getAllPosts()))
    .catch(err => console.error(err)); 
}

我不知道该怎么做。救命啊!

0 个答案:

没有答案