I'm using Rails 4 and Devise, and I have overridden Devise's controllers to allow AJAX sign-in and sign-up. This is a single-page application. When a user signs up, they can then perform all the necessary AJAX POSTs. But when they sign IN, they cannot - I get "Can't verify CSRF token authenticity" on the server side. This happens until I refresh the page - then the CSRF token is updated and I can POST normally.
Any idea why this only happens after a registered user signs in, and not after sign-up or after refreshing the page? Here is my controller code:
class SessionsController < Devise::SessionsController
  def create
    resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#failure")
    sign_in_and_redirect(resource_name, resource)
  end

  # Overridden so that a successful sign-in renders a JS response instead of redirecting.
  def sign_in_and_redirect(resource_or_scope, resource=nil)
    scope = Devise::Mapping.find_scope!(resource_or_scope)
    resource ||= resource_or_scope
    sign_in(scope, resource) unless warden.user(scope) == resource
    @badge = resource.badge
    return render 'signin.js.erb'
  end

  def failure
    return render :json => {:success => false, :errors => ["Login failed."]}
  end

  def destroy
    redirect_path = '/labs'
    signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
    yield resource if block_given?
    # We actually need to hardcode this as Rails default responder doesn't
    # support returning empty response on GET request
    respond_to do |format|
      format.all { head :no_content }
      format.any(*navigational_formats) { redirect_to redirect_path }
    end
  end
end
And my registrations controller:
class RegistrationsController < Devise::RegistrationsController
  def create
    build_resource(sign_up_params)
    if resource.save
      if resource.active_for_authentication?
        set_flash_message :notice, :signed_up if is_navigational_format?
        sign_up(resource_name, resource)
        return render 'signup.js.erb'
      else
        set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_navigational_format?
        expire_session_data_after_sign_in!
        return render :json => {:success => true}
      end
    else
      clean_up_passwords resource
      return render :json => {:success => false}
    end
  end

  # Signs in a user on sign up. You can overwrite this method in your own
  # RegistrationsController.
  def sign_up(resource_name, resource)
    sign_in(resource_name, resource)
  end
end
Annnd the AJAX POST in question:
$(document).on('click', '.project_item', function() {
  $.ajax({
    type: "POST",
    url: '/hammer/thing_toggle',
    data: 'id=' + $(this).data('id')
  });
});
If you're using Devise, check this commit https://github.com/plataformatec/devise/commit/747751a2 - they clear the csrf_token after sign-in. – raven
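The client-side consequence of that commit, as an added example (not the asker's code and not Devise's): once Devise resets the session on sign-in, the token embedded in the page at load time is stale, so the sign-in response has to hand the browser the new token and every later POST has to read the token at request time rather than caching it. The template line shown in the comment and the helper names `updateCsrfToken`, `csrfHeaders` and `toggleRequest` are assumptions for this example.

```javascript
// Added example: keep the CSRF token current across a Devise AJAX sign-in.
// The server's signin.js.erb is ASSUMED to emit one extra line such as
//   updateCsrfToken("<%= form_authenticity_token %>");
// so the fresh token reaches the page without a reload.
// Works in the browser (updates <meta name="csrf-token">) and in Node.
const csrfState = { token: null };

function csrfMeta() {
  if (typeof document === 'undefined') return null;
  return document.querySelector('meta[name="csrf-token"]');
}

// Install the token delivered by the sign-in/sign-up response.
function updateCsrfToken(token) {
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('refusing to install an empty CSRF token');
  }
  csrfState.token = token;
  const meta = csrfMeta();
  if (meta) meta.setAttribute('content', token); // what jquery_ujs reads
}

function currentCsrfToken() {
  const meta = csrfMeta();
  return meta ? meta.getAttribute('content') : csrfState.token;
}

// Build headers at request time, never at page-load time, so the header
// carries the token installed by the most recent sign-in response.
function csrfHeaders() {
  const token = currentCsrfToken();
  if (!token) throw new Error('no CSRF token available yet');
  return { 'X-CSRF-Token': token, 'X-Requested-With': 'XMLHttpRequest' };
}

// Request description for the asker's toggle POST; pass it to $.ajax or fetch.
function toggleRequest(id) {
  return {
    method: 'POST',
    url: '/hammer/thing_toggle',
    headers: csrfHeaders(),
    body: 'id=' + encodeURIComponent(String(id)),
  };
}
```

With jquery_ujs loaded, updating the meta tag is enough, because it reads the token from that tag on every request; the explicit header builder is for code paths that bypass jquery_ujs.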