注册和登录工作正常，csrf 已添加到 cookie 和 localStorage 中。但是当我尝试注销时，服务器返回 401 错误。
登录控制器:
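# Login/logout endpoints backed by JWTSessions: `create` issues tokens for a
# user, `destroy` revokes the session identified by the current access token.
class SigninController < ApplicationController
  # Runs before `destroy` only, so a 401 on logout that is logged before any
  # work in the action body means this filter rejected the request.
  # NOTE(review): with the access token carried in a cookie, jwt_sessions is
  # expected to also require the CSRF token returned by `create` on non-GET
  # requests (X-CSRF-Token header by default), and a cross-origin client has
  # to send credentials for the cookie to be attached. Confirm the client
  # does both.
  before_action :authorize_access_request!, only: [:destroy]

  # Authenticates by email/password. On success the access token goes into
  # a cookie and the CSRF token is returned in the JSON body.
  #
  # An unknown email and a wrong password both end in `not_authorized`, so
  # the response does not reveal which accounts exist. The earlier
  # `find_by!` raised for an unknown email, which produced a different
  # response from the wrong-password branch.
  # NOTE(review): the password hash is still only checked when a user row
  # exists, so response timing may differ between the two cases.
  def create
    user = User.find_by(email: params[:email])

    if user&.authenticate(params[:password])
      payload = { user_id: user.id }
      # refresh_by_access_allowed is set here at login; `destroy` later
      # flushes the session by access payload. Presumably that lookup
      # depends on this flag (confirm against the jwt_sessions docs).
      session = JWTSessions::Session.new(payload: payload, refresh_by_access_allowed: true)
      tokens = session.login

      # httponly keeps the access token out of reach of page scripts; the
      # Secure flag is only set in production so plain-HTTP development works.
      # NOTE(review): no SameSite attribute is set, so the CSRF token is the
      # only cross-site protection for this cookie. Consider adding
      # same_site once the front-end and API origins are settled.
      response.set_cookie(JWTSessions.access_cookie,
                          value: tokens[:access],
                          httponly: true,
                          secure: Rails.env.production?)

      render json: { csrf: tokens[:csrf] }
    else
      not_authorized
    end
  end

  # Revokes the session tied to the access token of the current request.
  # `payload` is not defined in this class. Presumably it is provided by the
  # authorization helpers mixed into ApplicationController (confirm).
  def destroy
    session = JWTSessions::Session.new(payload: payload)
    session.flush_by_access_payload
    render json: :ok
  end

  private

  # Renders a 404 with a generic message. `create` no longer reaches this.
  # It is kept because code outside this class (for example a rescue_from
  # in ApplicationController) may still reference it. Verify before removing.
  def not_found
    render json: { error: 'Cannot find such email/password combination' }, status: :not_found
  end
end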
我收到此错误
错误:
Started DELETE "/signin" for 127.0.0.1 at 2018-08-12 21:56:17 +0300
(0.5ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
↳ /home/greifrut/.rbenv/versions/2.4.4/lib/ruby/gems/2.4.0/gems/activerecord-5.2.0/lib/active_record/log_subscriber.rb:98
Processing by SigninController#destroy as HTML
Completed 401 Unauthorized in 2ms (Views: 0.2ms | ActiveRecord: 0.0ms)