OAuth2 error: CSRF detected

Time: 2017-10-16 01:59:44

Tags: ruby-on-rails oauth

I'm using the omniauth-google-oauth2 gem in Rails. I can't say it's a bug, but I'm stumped as to how to solve it. I wrote a super simple Rails program to verify the problem. I'm following these instructions.

It seems that when I try to log in to my gmail.com account, while I have other Google OAuth-enabled accounts enabled, I get the following exception:

OmniAuth::Strategies::OAuth2::CallbackError at /auth/google_oauth2/callback
csrf_detected | CSRF detected

Here is the top of the stack trace:

Started GET "/auth/google_oauth2/callback?state=732fc603c628199503f01781639123426e7fbfa874a36a4a&code=4%2FF2VhN4EQfwYxr5cAmyp5S9sufuFMLP9Rpl-o85zWyyE" for 127.0.0.1 at 2017-10-16 12:01:03 -0400
I, [2017-10-16T12:01:03.814169 #58394]  INFO -- omniauth: (google_oauth2) Callback phase initiated.
E, [2017-10-16T12:01:03.814832 #58394] ERROR -- omniauth: (google_oauth2) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
E, [2017-10-16T12:01:03.815656 #58394] ERROR -- omniauth: (google_oauth2) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

OmniAuth::Strategies::OAuth2::CallbackError - csrf_detected | CSRF detected:
  omniauth (1.7.1) lib/omniauth/failure_endpoint.rb:25:in `raise_out!'
  omniauth (1.7.1) lib/omniauth/failure_endpoint.rb:20:in `call'
  omniauth (1.7.1) lib/omniauth/failure_endpoint.rb:12:in `call'
  omniauth (1.7.1) lib/omniauth/strategy.rb:486:in `fail!'
  omniauth-oauth2 (1.4.0) lib/omniauth/strategies/oauth2.rb:71:in `callback_phase'
  omniauth (1.7.1) lib/omniauth/strategy.rb:236:in `callback_call'
  omniauth (1.7.1) lib/omniauth/strategy.rb:188:in `call!'
  omniauth (1.7.1) lib/omniauth/strategy.rb:168:in `call'
  omniauth (1.7.1) lib/omniauth/builder.rb:63:in `call'
  rack (2.0.3) lib/rack/etag.rb:25:in `call'

Here are all the relevant code snippets:

initializers/omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2,
  "redacted",
  "redacted"
end

routes.rb

get 'login', to: redirect('/auth/google_oauth2'), as: 'login'
get 'logout', to: 'sessions#destroy', as: 'logout'
get 'auth/:provider/callback', to: 'sessions#create'
get 'auth/failure', to: redirect('/')
get 'home', to: 'home#show'
get 'me', to: 'me#show', as: 'me'

views/home/show.html.erb

<%= link_to "Sign in with Google", "/auth/google_oauth2", id: "sign_in" %>

application_controller.rb

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  helper_method :current_user

  def authenticate
    redirect_to :login unless user_signed_in?
  end

  def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end

  def user_signed_in?
    # converts current_user to a boolean by negating the negation
    !current_user.nil?
  end
end

sessions_controller.rb

class SessionsController < ApplicationController
  def create
    @user = User.find_or_create_from_auth_hash(request.env["omniauth.auth"])
    session[:user_id] = @user.id
    redirect_to :me
  end

  def destroy
    session[:user_id] = nil
    redirect_to root_path
  end
end

  • I run the server using rails server -p 3000
  • I visit the page using http://localhost:3000
  • A page with a sign-in button is displayed, which I press
  • This shows a list of all my possible Google logins (I think there are 4)
  • I click on one of them and I get the following exception: OmniAuth::Strategies::OAuth2::CallbackError at /auth/google_oauth2/callback csrf_detected | CSRF detected

Attached is the stack trace:

[screenshot: "screen shot 2017-10-15 at 10 44 21 am"]
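The csrf_detected failure is raised by the OAuth2 state check that omniauth-oauth2 performs in its callback phase (the `callback_phase` frame in the trace). As an added example that is not part of the question or of the omniauth gem, the following Ruby models that check with a plain Hash standing in for the Rack session, and shows the situations in which it fails: a replayed callback, a second login started before the first returned (so the stored state was overwritten), and a session that did not survive the round trip to the provider.

```ruby
require "securerandom"

# Constructed model of the state check behind "csrf_detected" in omniauth-oauth2's
# callback phase. A plain Hash stands in for the Rack session; this is not omniauth's code.
CallbackError = Class.new(StandardError)
STATE_KEY = "omniauth.state"

# Request phase: mint an unguessable state, store it in the session, and return it
# so it can be sent to the provider as the `state` query parameter.
def request_phase(session)
  session[STATE_KEY] = SecureRandom.hex(24)
end

# Constant-time comparison so the check does not leak how much of the state matched.
def secure_equal(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Callback phase: the echoed state must equal the stored one. The stored value is
# consumed first, so a captured callback URL cannot be replayed.
def callback_phase(session, params)
  expected = session.delete(STATE_KEY)
  received = params["state"].to_s
  if received.empty? || expected.nil? || !secure_equal(received, expected)
    raise CallbackError, "csrf_detected | CSRF detected"
  end
  :ok
end

# Returns the outcome as a symbol (:ok or :csrf_detected) instead of raising.
def outcome(session, params)
  callback_phase(session, params)
rescue CallbackError
  :csrf_detected
end

if __FILE__ == $PROGRAM_NAME
  session = {}
  first = request_phase(session)
  puts outcome(session, "state" => first)   # :ok
  puts outcome(session, "state" => first)   # :csrf_detected (state already consumed)
  first = request_phase(session)
  request_phase(session)                     # a second login started before the first returned
  puts outcome(session, "state" => first)   # :csrf_detected (stored state was overwritten)
  puts outcome({}, "state" => first)        # :csrf_detected (session did not survive the round trip)
end
```

When debugging a real app, the useful question this model raises is whether the session that holds `omniauth.state` at request time is the same session presented at the callback.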

0 answers:

No answers