401嘗試將Backbone模型保存到rails db時未經授權嘗試

Question

我試圖通過Rails將數據庫中的歌曲（在BBone世界中）與數據庫匹配。嘗試保存在BBone視圖中時，我一直在獲取POST http://localhost:3000/songs 401 (Unauthorized)。軌道控制檯錯誤如下。看起來，發送到Rails的參數在字段中被複制（刪除的數據在Rails錯誤之下，所以看到嵌套），但是這會阻止數據被保存，而是會產生這個錯誤，而不是更多的東西沿着'太多領域'的路線。

就未經授權而言，這是沒有意義的，因爲用戶ID正在填充。 有什麼想法？

使用gem 'rails-backbone'

骨幹型號：

//filename: song.js 
define([ 
    'underscore', 
    'backbone', 
    'backbone/collections/components' 
], function(_, Backbone, componentCollection) { 
    var songModel = Backbone.Model.extend({ 
    paramRoot: 'song', 
    defaults: { 
     title: '', 
     content: '', 
     user: '', 
     components: componentCollection 
    }, 
    initialize: function(){ 
    } 
    }); 

    return songModel; 
}); 

骨幹網查看：

// Filename: views/songs/new_view 
define([ 
    'jquery', 
    'underscore', 
    'backbone', 
    // Pull in the Collection module from above 
    'backbone/collections/songsCollection', 
    // 'backbone/views/songs/a_song_view', 
    'text!backbone/templates/songs/new.html', 
    'app/dispatch', 
    'app/state' 
], function($, _, Backbone, SongsCollection, songsTemplate, dispatch, state){ 
    return Backbone.View.extend({ 
el: $('#songs'), 

initialize: function(options){ 
    //...... 
}, 

save: function(e){ 
    e.preventDefault(); 
    e.stopPropagation(); 
    var JSONSong = JSON.stringify(this.model.toJSON()); 
    this.model.unset("errors"); 
    this.model.set({ 
    title: $('#title').val(), 
    content: JSONSong, 
    user: $('#user').val() 
    }); 
    return this.collection.create(this.model.toJSON(), { 
    success: function(song) { 
     console.log('saved!'); 
     this.model = song; 
     return window.location.hash = "/" + this.model.id; 
    }, 
    error: function(song, jqXHR) { 
     return this.model.set({ 
     errors: $.parseJSON(jqXHR.responseText) 
     }); 
    } 
    }); 
}, 

render: function(){ 
    $(this.el).html(''); 
    var compiledTemplate = _.template (songsTemplate, this.model.toJSON()); 
    $(this.el).html(compiledTemplate); 
    return this; 
}, 
}); 
}); 

的Rails架構：

ActiveRecord::Schema.define(:version => 20130222200403) do 


    create_table "songs", :force => true do |t| 
    t.string "title" 
    t.string "content" 
    t.datetime "created_at", :null => false 
    t.datetime "updated_at", :null => false 
    t.integer "user_id" 
    end 

    create_table "users", :force => true do |t| 
    t.string "email",     :default => "", :null => false 
    t.string "encrypted_password",  :default => "", :null => false 
    t.string "reset_password_token" 
    t.datetime "reset_password_sent_at" 
    t.datetime "remember_created_at" 
    t.integer "sign_in_count",   :default => 0 
    t.datetime "current_sign_in_at" 
    t.datetime "last_sign_in_at" 
    t.string "current_sign_in_ip" 
    t.string "last_sign_in_ip" 
    end 

    add_index "users", ["email"], :name => "index_users_on_email", :unique => true 
    add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true 

end 

Rails的控制檯錯誤：

Started POST "/songs" for 127.0.0.1 at 2013-02-25 16:45:56 -0500 
Processing by SongsController#create as JSON 
    Parameters: {"title"=>"1234", "content"=>"{\"title\":\"1234\",\"content\":\"{\\\"title\\\":\\\"\\\",\\\"content\\\":\\\"\\\",\\\"user\\\":\\\"\\\",\\\"components\\\":[{\\\"label\\\":\\\"Snare\\\",\\\"img\\\":\\\"snare.png\\\",\\\"mute\\\":false,\\\"sample\\\":\\\"808_sd.m4a\\\",\\\"measures\\\":[{\\\"label\\\":\\\"0/4\\\",\\\"beats\\\":[{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false}],\\\"numberOfBeats\\\":0,\\\"divisions\\\":8}],\\\"active\\\":true,\\\"signature\\\":4,\\\"representation\\\":\\\"fraction\\\"},{\\\"label\\\":\\\"Hi Hat\\\",\\\"img\\\":\\\"hihat.png\\\",\\\"mute\\\":true,\\\"sample\\\":\\\"808_chh.m4a\\\",\\\"measures\\\":[{\\\"label\\\":\\\"0/4\\\",\\\"beats\\\":[{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false}],\\\"numberOfBeats\\\":0,\\\"divisions\\\":8}],\\\"active\\\":true,\\\"signature\\\":4,\\\"representation\\\":\\\"fraction\\\"},{\\\"label\\\":\\\"Kick Drum\\\",\\\"img\\\":\\\"kick.png\\\",\\\"mute\\\":true,\\\"sample\\\":\\\"808_bd.m4a\\\",\\\"measures\\\":[{\\\"label\\\":\\\"0/4\\\",\\\"beats\\\":[{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false}],\\\"numberOfBeats\\\":0,\\\"divisions\\\":8}],\\\"active\\\":false,\\\"signature\\\":4,\\\"representation\\\":\\\"fraction\\\"},{\\\"label\\\":\\\"Synth\\\",\\\"img\\\":\\\"synth.png\\\",\\\"mute\\\":true,\\\"sample\\\":\\\"ambass.mp3\\\",\\\"measures\\\":[{\\\"label\\\":\\\"0/4\\\",\\\"beats\\\":[{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false}],\\\"numberOfBeats\\\":0,\\\"divisions\\\":8}],\\\"active\\\":true,\\\"signature\\\":4,\\\"representation\\\":\\\"fraction\\\"}]}\",\"user\":\"1\",\"components\":[{\"label\":\"Snare\",\"img\":\"snare.png\",\"mute\":false,\"sample\":\"808_sd.m4a\",\"measures\":[{\"label\":\"0/4\",\"beats\":[{\"selected\":false},{\"selected\":false},{\"selected\":false},{\"selected\":false}],\"numberOfBeats\":0,\"divisions\":8}],\"active\":true,\"signature\":4,\"representation\":\"fraction\"},{\"label\":\"Hi Hat\",\"img\":\"hihat.png\",\"mute\":true,\"sample\":\"808_chh.m4a\",\"measures\":[{\"label\":\"0/4\",\"beats\":[{\"selected\":false},{\"selected\":false},{\"selected\":false},{\"selected\":false}],\"numberOfBeats\":0,\"divisions\":8}],\"active\":true,\"signature\":4,\"representation\":\"fraction\"},{\"label\":\"Kick Drum\",\"img\":\"kick.png\",\"mute\":true,\"sample\":\"808_bd.m4a\",\"measures\":[{\"label\":\"0/4\",\"beats\":[{\"selected\":false},{\"selected\":false},{\"selected\":false},{\"selected\":false}],\"numberOfBeats\":0,\"divisions\":8}],\"active\":false,\"signature\":4,\"representation\":\"fraction\"},{\"label\":\"Synth\",\"img\":\"synth.png\",\"mute\":true,\"sample\":\"ambass.mp3\",\"measures\":[{\"label\":\"0/4\",\"beats\":[{\"selected\":false},{\"selected\":false},{\"selected\":false},{\"selected\":false}],\"numberOfBeats\":0,\"divisions\":8}],\"active\":true,\"signature\":4,\"representation\":\"fraction\"}]}", "user"=>"1", "components"=>[{"label"=>"Snare", "img"=>"snare.png", "mute"=>false, "sample"=>"808_sd.m4a", "measures"=>[{"label"=>"0/4", "beats"=>[{"selected"=>false}, {"selected"=>false}, {"selected"=>false}, {"selected"=>false}], "numberOfBeats"=>0, "divisions"=>8}], "active"=>true, "signature"=>4, "representation"=>"fraction"}, {"label"=>"Hi Hat", "img"=>"hihat.png", "mute"=>true, "sample"=>"808_chh.m4a", "measures"=>[{"label"=>"0/4", "beats"=>[{"selected"=>false}, {"selected"=>false}, {"selected"=>false}, {"selected"=>false}], "numberOfBeats"=>0, "divisions"=>8}], "active"=>true, "signature"=>4, "representation"=>"fraction"}, {"label"=>"Kick Drum", "img"=>"kick.png", "mute"=>true, "sample"=>"808_bd.m4a", "measures"=>[{"label"=>"0/4", "beats"=>[{"selected"=>false}, {"selected"=>false}, {"selected"=>false}, {"selected"=>false}], "numberOfBeats"=>0, "divisions"=>8}], "active"=>false, "signature"=>4, "representation"=>"fraction"}, {"label"=>"Synth", "img"=>"synth.png", "mute"=>true, "sample"=>"ambass.mp3", "measures"=>[{"label"=>"0/4", "beats"=>[{"selected"=>false}, {"selected"=>false}, {"selected"=>false}, {"selected"=>false}], "numberOfBeats"=>0, "divisions"=>8}], "active"=>true, "signature"=>4, "representation"=>"fraction"}], "song"=>{"title"=>"1234", "content"=>"{\"title\":\"1234\",\"content\":\"{\\\"title\\\":\\\"\\\",\\\"content\\\":\\\"\\\",\\\"user\\\":\\\"\\\",\\\"components\\\":[{\\\"label\\\":\\\"Snare\\\",\\\"img\\\":\\\"snare.png\\\",\\\"mute\\\":false,\\\"sample\\\":\\\"808_sd.m4a\\\",\\\"measures\\\":[{\\\"label\\\":\\\"0/4\\\",\\\"beats\\\":[{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false}],\\\"numberOfBeats\\\":0,\\\"divisions\\\":8}],\\\"active\\\":true,\\\"signature\\\":4,\\\"representation\\\":\\\"fraction\\\"},{\\\"label\\\":\\\"Hi Hat\\\",\\\"img\\\":\\\"hihat.png\\\",\\\"mute\\\":true,\\\"sample\\\":\\\"808_chh.m4a\\\",\\\"measures\\\":[{\\\"label\\\":\\\"0/4\\\",\\\"beats\\\":[{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false}],\\\"numberOfBeats\\\":0,\\\"divisions\\\":8}],\\\"active\\\":true,\\\"signature\\\":4,\\\"representation\\\":\\\"fraction\\\"},{\\\"label\\\":\\\"Kick Drum\\\",\\\"img\\\":\\\"kick.png\\\",\\\"mute\\\":true,\\\"sample\\\":\\\"808_bd.m4a\\\",\\\"measures\\\":[{\\\"label\\\":\\\"0/4\\\",\\\"beats\\\":[{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false}],\\\"numberOfBeats\\\":0,\\\"divisions\\\":8}],\\\"active\\\":false,\\\"signature\\\":4,\\\"representation\\\":\\\"fraction\\\"},{\\\"label\\\":\\\"Synth\\\",\\\"img\\\":\\\"synth.png\\\",\\\"mute\\\":true,\\\"sample\\\":\\\"ambass.mp3\\\",\\\"measures\\\":[{\\\"label\\\":\\\"0/4\\\",\\\"beats\\\":[{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false},{\\\"selected\\\":false}],\\\"numberOfBeats\\\":0,\\\"divisions\\\":8}],\\\"active\\\":true,\\\"signature\\\":4,\\\"representation\\\":\\\"fraction\\\"}]}\",\"user\":\"1\",\"components\":[{\"label\":\"Snare\",\"img\":\"snare.png\",\"mute\":false,\"sample\":\"808_sd.m4a\",\"measures\":[{\"label\":\"0/4\",\"beats\":[{\"selected\":false},{\"selected\":false},{\"selected\":false},{\"selected\":false}],\"numberOfBeats\":0,\"divisions\":8}],\"active\":true,\"signature\":4,\"representation\":\"fraction\"},{\"label\":\"Hi Hat\",\"img\":\"hihat.png\",\"mute\":true,\"sample\":\"808_chh.m4a\",\"measures\":[{\"label\":\"0/4\",\"beats\":[{\"selected\":false},{\"selected\":false},{\"selected\":false},{\"selected\":false}],\"numberOfBeats\":0,\"divisions\":8}],\"active\":true,\"signature\":4,\"representation\":\"fraction\"},{\"label\":\"Kick Drum\",\"img\":\"kick.png\",\"mute\":true,\"sample\":\"808_bd.m4a\",\"measures\":[{\"label\":\"0/4\",\"beats\":[{\"selected\":false},{\"selected\":false},{\"selected\":false},{\"selected\":false}],\"numberOfBeats\":0,\"divisions\":8}],\"active\":false,\"signature\":4,\"representation\":\"fraction\"},{\"label\":\"Synth\",\"img\":\"synth.png\",\"mute\":true,\"sample\":\"ambass.mp3\",\"measures\":[{\"label\":\"0/4\",\"beats\":[{\"selected\":false},{\"selected\":false},{\"selected\":false},{\"selected\":false}],\"numberOfBeats\":0,\"divisions\":8}],\"active\":true,\"signature\":4,\"representation\":\"fraction\"}]}"}} 
WARNING: Can't verify CSRF token authenticity 
Completed 401 Unauthorized in 1ms 

參數與刪除的所有內容：

Parameters: {"title"=>"1234", "content"=>"{\"title\":\"1234\",\"content\":\"{}", "user"=>"1", "components"=>[], "song"=>{"title"=>"1234", "content"=>"{}"}} 

Answer 1

我附CSRF PARAM和令牌模型發送到數據庫。

//To pass the variable safely in from BBone to Rails 3.2, you have to include the csrf param and token 
    toBeSavedSong.set($("meta[name=csrf-param]").attr('content'), $("meta[name=csrf-token]").attr('content')); 

Answer 2

的CSRF令牌應包括在Ajax請求有這個成功的。

解決方案爲您提供：

確保您的網頁有「」一節中CSRF令牌。如果沒有，可能是因爲你在application.html.erb佈局文件中錯過了一個標籤。應該有 「<％= csrf_meta_tags％>」 佈局

<!DOCTYPE html> 
<html> 
<head> 
    <title>Site name</title> 
    <%= stylesheet_link_tag "application", :media => "all" %> 
    <%= javascript_include_tag "application" %> 
    <%= csrf_meta_tags %> 
</head> 
<body> 

<%= yield %> 

</body> 
</html> 

檢查您的jQuery（或骨幹使用的其他庫）。確保它已更新。我相信jQuery應該在Ajax請求中包含CSRF令牌

如果兩者都不適用於您，您可以禁用CSRF令牌檢查（如果您正在執行公共網站，則存在CSRF安全問題）。禁用它通過在應用程序中刪除這一行/控制器/ application_controller.rb

protect_from_forgery