出於某種原因,當使用json或xml向我的應用程序發送發佈請求時,我得到一個InvalidAuthenticityToken。我的理解是,軌道應該只需要一個真實性標記爲html或js請求,因此我不應該遇到這個錯誤。我迄今爲止發現的唯一解決方案是禁用protect_from_forgery,以便通過API訪問任何操作,但由於顯而易見的原因,這並不理想。思考?rails - 針對json/xml請求的InvalidAuthenticityToken
def create
respond_to do |format|
format.html
format.json{
render :json => Object.create(:user => @current_user, :foo => params[:foo], :bar => params[:bar])
}
format.xml{
render :xml => Object.create(:user => @current_user, :foo => params[:foo], :bar => params[:bar])
}
end
end
,這就是我得到的日誌每當我傳遞給動作的請求:
Processing FooController#create to json (for 127.0.0.1 at 2009-08-07 11:52:33) [POST]
Parameters: {"foo"=>"1", "api_key"=>"44a895ca30e95a3206f961fcd56011d364dff78e", "bar"=>"202"}
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
thin (1.2.2) lib/thin/connection.rb:76:in `pre_process'
thin (1.2.2) lib/thin/connection.rb:74:in `catch'
thin (1.2.2) lib/thin/connection.rb:74:in `pre_process'
thin (1.2.2) lib/thin/connection.rb:57:in `process'
thin (1.2.2) lib/thin/connection.rb:42:in `receive_data'
eventmachine (0.12.8) lib/eventmachine.rb:242:in `run_machine'
eventmachine (0.12.8) lib/eventmachine.rb:242:in `run'
thin (1.2.2) lib/thin/backends/base.rb:57:in `start'
thin (1.2.2) lib/thin/server.rb:156:in `start'
thin (1.2.2) lib/thin/controllers/controller.rb:80:in `start'
thin (1.2.2) lib/thin/runner.rb:174:in `send'
thin (1.2.2) lib/thin/runner.rb:174:in `run_command'
thin (1.2.2) lib/thin/runner.rb:140:in `run!'
thin (1.2.2) bin/thin:6
/opt/local/bin/thin:19:in `load'
/opt/local/bin/thin:19
這並不能真正爲Web應用程序的工作,雖然。瀏覽器無法運行卷曲。 =( – NullVoxPopuli 2012-02-29 23:14:55
問題是我用curl調試了這個問題,發現發送正確的Content-Type頭是很重要的。 – mlambie 2012-03-07 03:35:08