Rails简单形式给出InvalidAuthenticityToken错误
我有这样一个简单的表格:
<form name="serachForm" method="post" action="/home/search">
<input type="text" name="searchText" size="15" value="">
<input class="image" name="searchsubmit" value="Busca" src="/images/btn_go_search.gif" align="top" border="0" height="17" type="image" width="29">
</form>以及采用这种方法的控制器:
def busca
puts params[:searchText]
end当我单击表单中的图像按钮时,我会得到一个ActionController::InvalidAuthenticityToken。以下是完整的StackTrace:
/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/request_forgery_protection.rb:86:in /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:in verify_authenticity_token' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:in发送“/Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:in evaluate_method' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:166:in call”/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller//Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:615:in call' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:629:in run_before_filters‘filters.rb:225:in call_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:610:in perform_action_without_benchmark’/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/benchmarking.rb:68:in perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/benchmarking.rb:68:in perform_action_without_rescue‘/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/rescue.rb:136:in perform_action_without_caching' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/caching/sql_cache.rb:13:inperform_action‘/Library/Ruby/Gems/1.8/gems/activerecord-2.2.2/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in cache' /Library/Ruby/Gems/1.8/gems/activerecord-2.2.2/lib/active_record/query_cache.rb:8:in cache’/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/caching/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:524:in perform_action' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:524:in发送‘process_without_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:606:in process_without_session_management_support’/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/session_management.rb:134:in process' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:392:in process /Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/webrick_server.rb:74:in service' /Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/commands/servers/webrick.rb:66 /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:in要求“/Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:521:in new_constants_in' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:in require”/Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/commands/server.rb:49
这是怎么回事?
回答 4
Stack Overflow用户
发布于 2009-09-05 22:39:33
默认情况下,所有非获取操作都需要与请求一起传递真实性令牌。Rails使用真实性令牌来避免CSRF攻击。
确保它始终到位的最简单的方法是使用form_tag助手,而不是手工编写helper。
<% form_tag "/home/search", :name => "searchForm" do %>
fields here
<% end %>Stack Overflow用户
发布于 2009-11-03 07:43:53
沿着Nat的路线,加上
<%= token_tag %> 就在HTML“表单”标记工作之后
Stack Overflow用户
发布于 2009-09-06 12:09:15
如果不使用帮助程序生成表单标记,则手动生成带有真实性令牌的隐藏字段:
<input type="hidden"
value="<%= form_authenticity_token() %>"
name="authenticity_token"/>https://stackoverflow.com/questions/1383997
复制相似问题
腾讯云开发者
