我正试图从另一个网页登录我的应用程序。我得到了:
Started POST "/users/sign_in" for <IP> at 2015-11-12 09:10:50 +0000
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"s8Juci8NHpiIhPtZMUycOjF0oEe4cmHsrVukMLHa9VJpbhRKX7P3uN1JnMPYHIGOse0aLa0ni/5nXh8qe8DUkA==", "user"=>{"email"=>"my_email@example.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
Can't verify CSRF token authenticity
我怎样才能让它发挥作用? 我尝试了不同的方法:
before_filter :authenticate_user!, except: :sign_in
protect_from_forgery except: :sign_in
skip_before_filter :verify_authenticity_token, only: [:sign_in]
但它没有帮助。如何在登录和注销时跳过CSRF令牌检查?
答案 0 :(得分:2)
Skip verification of token in your controller Like this
skip_before_action :verify_authenticity_token