设计。无法验证CSRF令牌的真实性

时间:2015-11-12 10:16:16

标签: ruby-on-rails devise

我正试图从另一个网页登录我的应用程序。我得到了:

Started POST "/users/sign_in" for <IP>  at 2015-11-12 09:10:50 +0000
Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"s8Juci8NHpiIhPtZMUycOjF0oEe4cmHsrVukMLHa9VJpbhRKX7P3uN1JnMPYHIGOse0aLa0ni/5nXh8qe8DUkA==", "user"=>{"email"=>"my_email@example.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
Can't verify CSRF token authenticity

我怎样才能让它发挥作用? 我尝试了不同的方法:

before_filter :authenticate_user!, except: :sign_in
protect_from_forgery except: :sign_in
skip_before_filter :verify_authenticity_token, only: [:sign_in]

但它没有帮助。如何在登录和注销时跳过CSRF令牌检查?

1 个答案:

答案 0 :(得分:2)

Skip verification of token in your controller Like this

skip_before_action :verify_authenticity_token