我有一个这样的简单形式:
<form name="serachForm" method="post" action="/home/search">
<input type="text" name="searchText" size="15" value="">
<input class="image" name="searchsubmit" value="Busca" src="/images/btn_go_search.gif" align="top" border="0" height="17" type="image" width="29">
</form>
使用此方法的控制器:
def busca
puts params[:searchText]
end
当我单击表单中的图像按钮时,我得到一个ActionController :: InvalidAuthenticityToken。这是完整的StackTrace:
/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/request_forgery_protection.rb:86:in
verify_authenticity_token' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:in发送” /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:inevaluate_method' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:166:in称之为” /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:225:incall' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:629:inrun_before_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:615:incall_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:610:inperform_action_without_benchmark” /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/benchmarking.rb:68:inperform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/benchmarking.rb:68:inperform_action_without_rescue” /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/rescue.rb:136:inperform_action_without_caching' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/caching/sql_cache.rb:13:inperform_action” /Library/Ruby/Gems/1.8/gems/activerecord-2.2.2/lib/active_record/connection_adapters/abstract/query_cache.rb:34:incache' /Library/Ruby/Gems/1.8/gems/activerecord-2.2.2/lib/active_record/query_cache.rb:8:in缓存” /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/caching/sql_cache.rb:12:inperform_action' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:524:in发送' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:524:inprocess_without_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:606:inprocess_without_session_management_support” /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/session_management.rb:134:inprocess' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:392:in过程 /Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/webrick_server.rb:74:inservice' /Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/commands/servers/webrick.rb:66 /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:in需要” /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:521:innew_constants_in' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:in需要” /Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/commands/server.rb:49
发生了什么事?
答案 0 :(得分:20)
沿着Nat的路线,添加
<%= token_tag %>
在HTML“form”标签工作之后
答案 1 :(得分:9)
默认情况下,所有非GET操作都要求将真实性令牌与请求一起传递。 Rails使用真实性令牌来避免CSRF攻击。
确保它始终存在的最简单方法是使用form_tag帮助程序而不是手动编写HTML。
<% form_tag "/home/search", :name => "searchForm" do %>
fields here
<% end %>
答案 2 :(得分:6)
如果您不使用帮助程序生成表单标记,则可以使用真实性标记手动生成隐藏字段:
<input type="hidden"
value="<%= form_authenticity_token() %>"
name="authenticity_token"/>
答案 3 :(得分:1)
使用其他人建议的表单助手可以正常工作。
由于这是一个搜索表单,该方法实际上应该是'get'。通常,除非数据库中的某些内容发生变化,否则应使用“get”。
对搜索表单使用method ='get'也更加友好的书签/后退按钮。