2009-07-07 168 views
5

好吧,從我讀過的其他網站和堆棧溢出中,Rails會拋出此認證令牌錯誤,因爲我的表單不通過令牌 - 這是一項安全功能。這我明白。Rails認證令牌和Ajax

但是我真的沒有一種形式。我在這裏有一個Ajax - 我的javascript將id'ed信息發佈到處理函數中。

所以我的問題是,如何才能獲得認證令牌,以我的控制器?

我的視圖看起來像這樣:

<% for transaction in @transactions %> 
     <% if transaction["category"] == '' %> 
     <% transaction["category"] = "Uncategorized" %> 
         <% end %> 

         <tr title = "<% if params[:type] %><%= params[:type] %><% else %>Purchases<% end %> <%= transaction["id"] %>" > 

          <td class="check"><a class="help" href="#"><img src="/images/icons/help.png" alt="?" /></a><input type="checkbox" /></td> 
          <td class="date"><% if transaction["date"] != "0000-00-00 00:00:00" %><%= transaction["date"].to_date.strftime("%B %d") %><% end %></td> 

          <% if params[:type] == "Bills" || params[:type] == "Reimbursements" %> 
          <td class="payee"><%= transaction["payee"] %></td> 
          <td class="details"><%= transaction["details"] %></td> 
          <% else %> 
          <td class="description"><% if transaction["detail"] == "undefined" %>n/a<% else %><%= transaction["detail"] %><% end %></td> 
          <td class="category">n/a</td> 
          <% end %> 

          <td class="amount">-$<%= transaction["amount"] %></td> 
         </tr> 

        <% end %> 

相應AJAX是如下:

/* send ids by ajax */ 
$('#tableActions li a').click(function() { 
    if(!$(this).hasClass('disabled')) { 
     action = $(this).text(); 
     ids = new Array(); 
     i = 0; 
     $('td.check input','#tableHolder').each(function() { if($(this).attr('checked')) { ids[i++] = $(this).parents('tr').attr('title'); } }); 
     $.ajax({ 
      type: "POST", 
      url: "/bulkaction", 
      data: "=" + action + "&ids=" + ids + "&authenticity_token=" + encodeURIComponent(AUTH_TOKEN), 
      success: function(data){ 
       $('#tableHolder').html(data); 
       /* bring back all functionality */ 
       initTable(); 
       /* set default sorting by date desc */ 
       $('th').removeClass('sortUp sortDown'); 
       $('th:eq(1)').addClass('sortDown'); 
       /* disable all actions */ 
       $('#tableActions li a').addClass('disabled'); 

      } 
     }); 
    } 
    return false; 
}); 

在控制器我的處理邏輯看起來像

def bulkaction 
      if request.post? 
       ids = params[:ids] 
       #Need to create a function here to parse out my string 
       puts ids #for testing purposes, just put my ids onto the console 
      end 

puts "This function was accessed and ran." 
end 

最後控制檯說

Processing UserController#bulkaction (for ::ffff:xx.xxx.xxx.xxx at 2009-07-06 23                    :29:49) [POST] 
    Parameters: {"ids"=>"Purchases 10040963"} 

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticit                    yToken): 
    /usr/local/lib/ruby/1.8/webrick/httpserver.rb:104:in `service' 
    /usr/local/lib/ruby/1.8/webrick/httpserver.rb:65:in `run' 
    /usr/local/lib/ruby/1.8/webrick/server.rb:173:in `start_thread' 
    /usr/local/lib/ruby/1.8/webrick/server.rb:162:in `start' 
    /usr/local/lib/ruby/1.8/webrick/server.rb:162:in `start_thread' 
    /usr/local/lib/ruby/1.8/webrick/server.rb:95:in `start' 
    /usr/local/lib/ruby/1.8/webrick/server.rb:92:in `each' 
    /usr/local/lib/ruby/1.8/webrick/server.rb:92:in `start' 
    /usr/local/lib/ruby/1.8/webrick/server.rb:23:in `start' 
    /usr/local/lib/ruby/1.8/webrick/server.rb:82:in `start' 

如果有人能告訴我,我要去哪裏錯了這將是非常有益的。

回答

6

解決了!改變了阿賈克斯

data: "=" + action + "&ids=" + ids + "&authenticity_token=" + AUTH_TOKEN, 

我加入到頭部的每一頁

<%= javascript_tag "const AUTH_TOKEN = #{form_authenticity_token.inspect};" if protect_against_forgery? %> 
1

henrik.nyh.se似乎是向下的網站。其中的版本還包含一個錯誤,它將獲取請求轉變爲使用Internet Explorer的發佈請求。這個固定版本是從:http://www.justinball.com/2009/07/08/jquery-ajax-get-in-firefox-post-in-internet-explorer/

jQuery(document).ajaxSend(function(event, request, settings) { 
    if (typeof(AUTH_TOKEN) == "undefined") return; 
    if (settings.type == 'GET') return; // Don't add anything to a get request let IE turn it into a POST. 
    settings.data = settings.data || ""; 
    settings.data += (settings.data ? "&" : "") + "authenticity_token=" + encodeURIComponent(AUTH_TOKEN); 
});