Question

我有一个Rails 3.2应用程序，我需要接受来自第三方的POST请求。我想将传入的请求存储在我的“消息”模型中。我的MessageController看起来如下：

class MessagesController < ApplicationController
  protect_from_forgery :except => :create
...

def create
@message = Message.new(content: params[:content], command: params[:command], messageId: params[:messageId], ...)

respond_to do |format|
  if @message.save
...

我收到的请求如下：

curl -d "content=GUESTTEST&command=deliverMessage&messageId=11389622" https://[myapp].herokuapp.com/messages

这在本地工作正常（http：// localhost：3000 / messages）但是当我切换到heroku时，请求不再起作用。

heroku logs

表示：

    2012-08-13T07:54:01+00:00 app[web.1]: Started POST "/" for 178.195.215.59 at 2012-08-13 07:54:01 +0000
    2012-08-13T07:54:01+00:00 app[web.1]: Processing by StaticPagesController#home as */*
    2012-08-13T07:54:01+00:00 app[web.1]:   Parameters: {"content"=>"GUESTTEST", "time"=>"2012-08-01 10:09:03", "businessNumber"=>"5555", "sessionId"=>"5555CHS1343808543654", "operatorCode"=>"99999", "msisdn"=>"0099955291", "keyword"=>"GUESTTEST", "command"=>"deliverMessage", "messageId"=>"11389622"}
    2012-08-13T07:54:01+00:00 app[web.1]: WARNING: Can't verify CSRF token authenticity
    2012-08-13T07:54:01+00:00 app[web.1]:   Rendered static_pages/home.html.erb within layouts/application (1.1ms)
    2012-08-13T07:54:01+00:00 app[web.1]:   Rendered layouts/_shim.html.erb (0.0ms)
    2012-08-13T07:54:01+00:00 app[web.1]:   Rendered layouts/_header.html.erb (0.9ms)
    2012-08-13T07:54:01+00:00 app[web.1]:   Rendered layouts/_footer.html.erb (0.2ms)
    2012-08-13T07:54:01+00:00 app[web.1]: Completed 200 OK in 6ms (Views: 5.6ms | ActiveRecord: 0.0ms)
    2012-08-13T07:54:01+00:00 heroku[router]: POST guestlist12.herokuapp.com/ dyno=web.1 queue=0 wait=0ms service=72ms status=200 bytes=2425

如果没有CSRF令牌，我需要更改哪些内容才能使帖子正常工作？

非常感谢任何帮助！

Answer 1

总结评论中的答案，以便从“未答复”过滤器中删除此问题：

[删除] protect_from_forgery [来自]应用程序控制器。

〜每Amol Pujari

回答

Rails：为第三方POST请求禁用CSRF

1 个答案: