Rails and AJAX request: working without CSRF?

I'm making an AJAX POST request to Rails with this code:

    var new_note = {
      title: "New note"
    };
    $.post('/notes.json',
      {
        auth_token: auth_token,
        note: new_note
      },
      function(data, textStatus, jqXHR){
        console.log(textStatus);
        console.log(jqXHR);
        var createdNoteIndex = self.notes.push(new Note());
        self.openNote(self.notes()[createdNoteIndex - 1]);
      }, "json")
      .error(function(jqXHR, textStatus, errorThrown){
        alert("error");
        console.log(jqXHR);
        console.log(textStatus);
        console.log(errorThrown);
      });

I forgot to insert the CSRF token, so I thought the create action was going to fail:

    # POST /notes.json
    def create
      @note = current_user.notes.new(params[:note])
      if @note.save
        respond_with { render json: @note, status: :created, location: @note }
      else
        respond_with { render json: @note.errors, status: :unprocessable_entity }
      end
    end

But the record is created in the database anyway, while the request ends in a 500 error:

    Started POST "/notes.json" for 127.0.0.1 at 2012-04-30 15:26:33 +0200
    Processing by NotesController#create as JSON
    Parameters: {"auth_token"=>"zJzKxPnvx5dQDTcFWi5k", "note"=>{"title"=>"New note"}}
    MONGODB (0ms) taccuino_development['users'].find({:_id=>BSON::ObjectId('4f9c670a809ad20869000002')}).limit(-1).sort([[:_id, :asc]])
    MONGODB (0ms) taccuino_development['notes'].insert([{"_id"=>BSON::ObjectId('4f9e9309809ad223f5000007'), "title"=>"New note", "user_id"=>BSON::ObjectId('4f9c670a809ad20869000002')}])
    Completed 500 Internal Server Error in 8ms
    AbstractController::DoubleRenderError (Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like "redirect_to(...) and return".):
    app/controllers/notes_controller.rb:26:in `create'
    Rendered /home/matteo/.rvm/gems/ruby-1.9.3-p194/gems/actionpack-3.2.3/lib/action_dispatch/middleware/templates/rescues/_trace.erb (4.2ms)
    Rendered /home/matteo/.rvm/gems/ruby-1.9.3-p194/gems/actionpack-3.2.3/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (1.5ms)
    Rendered /home/matteo/.rvm/gems/ruby-1.9.3-p194/gems/actionpack-3.2.3/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (14.8ms)

I haven't disabled CSRF protection, so it should have given an error about the missing token, but it hasn't...

EDIT: after reading the two answers

I have:
- removed the jquery_ui file
- added this code to replace the jquery_ui functions for the CSRF token, and to set the auth_token for Devise:

    $.ajaxSetup({
      beforeSend: function(xhr, settings) {
        if (settings.crossDomain) return;
        var csrf_token = $('meta[name="csrf-token"]').attr('content');
        var auth_token = $('meta[name="auth_token"]').attr('content');
        xhr.setRequestHeader('X-CSRF-Token', csrf_token);
        xhr.setRequestHeader('auth_token', auth_token);
      }
    });

- removed the before_filter authenticate_user! from the controller and replaced the create action, which relied on current_user, with a different one:

    def create
      @note = Note.new(params[:note])
      if @note.save
        respond_with { render json: @note, status: :created }
      else
        respond_with { render json: @note.errors, status: :unprocessable_entity }
      end
    end
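
Then I disabled CSRF protection, but I still get the same error... so the problem is something else, but I really can't understand what could cause a double redirection, since the record is correctly created in the database...
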
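I don't think this error is related to CSRF. Which line is line 26 (the line the backtrace mentions)?
Yes, I just found out that it is related to the syntax of respond_with; I used the same syntax here as with format.json, but it seems it is not the same... sorry for the time you have lost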
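
An added example, not part of the original post: the decision made by the beforeSend hook in the question's edit, written as a stand-alone function that can be checked without a browser. The names csrfHeadersFor and SAFE_METHODS, the origins and the token are assumptions made for the illustration, as is the choice to skip the token on safe methods.

```javascript
// Added example, not the poster's code. SAFE_METHODS and csrfHeadersFor are
// hypothetical names; the origins and token below are constructed samples.
// Assumption: the server only verifies the token on state-changing methods.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Decide which CSRF header, if any, to attach to an outgoing request.
// pageOrigin plays the role of window.location.origin, csrfToken the role of
// the <meta name="csrf-token"> content read in the beforeSend hook.
function csrfHeadersFor(method, url, pageOrigin, csrfToken) {
  const verb = String(method || "GET").toUpperCase();
  // Safe methods do not change state, so the token is not sent with them.
  if (SAFE_METHODS.has(verb)) return {};

  // Resolve relative and protocol-relative URLs the way a browser would,
  // then compare scheme, host and port together.
  const target = new URL(url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) {
    // Same idea as `if (settings.crossDomain) return;`: the token must
    // never be disclosed to another origin.
    return {};
  }

  // A missing meta tag yields undefined; fail loudly instead of sending a
  // state-changing request without a usable token.
  if (typeof csrfToken !== "string" || csrfToken.length === 0) {
    throw new Error("CSRF token missing for " + verb + " " + target.pathname);
  }
  return { "X-CSRF-Token": csrfToken };
}

// Constructed sample values.
const PAGE = "https://app.example:3000";
const TOKEN = "constructed-csrf-token";
const samples = [
  ["POST", "/notes.json"],                        // same origin: header sent
  ["GET", "/notes.json"],                         // safe method: no header
  ["POST", "//other.example/notes.json"],         // other host: no header
  ["POST", "http://app.example:3000/notes.json"], // other scheme: no header
];
for (const [method, url] of samples) {
  console.log(method, url, JSON.stringify(csrfHeadersFor(method, url, PAGE, TOKEN)));
}
```

In a jQuery beforeSend hook the returned object would be copied onto the request with xhr.setRequestHeader.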