5
我得到這個警告設計+ Omniauth [警告:無法驗證CSRF令牌真實性]
WARNING: Can't verify CSRF token authenticity
馬上我的回調動作運行之前,即
Started GET "https://stackoverflow.com/users/auth/open_id?openid_url=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid" for 98.xxx.xx.xx at 2011-09-12 16:26:02 -0400
Started GET "https://stackoverflow.com/users/auth/open_id/callback?openid_url=https%3A%2%2Fwww.google.com%2Faccounts ... etc ... etc
Processing by Users::OmniauthCallbacksController#open_id as HTML
Parameters: {"openid_url"=>"https://www.google.com/accounts/o8/id"}
WARNING: Can't verify CSRF token authenticity
Entering Users::OmniauthCallbacksController, omniauth_login
沒有爲請求沒有警告直接來自瀏覽器。我正在使用rails 3.1,設計1.4.5,omniauth 0.2.6。
想法如何解決這個問題?
謝謝!
你能更具體嗎?你在哪裏/如何關閉它?只爲openid身份驗證?否則,它聽起來像它可能會導致潛在的安全漏洞... – gingerlime
只有當你知道**你在做什麼時,你才應該這樣做。如果你打算根據StackOverflow答案關閉'protect_from_forgery',你**不知道你在做什麼! –