所以我在這裏我使用設計的電子郵件登錄一個完全工作4.2 Rails應用程序,並且完全用於設計無關的Oauth流omniauth。Rails的4.2升級到5個結果中的ActionController :: InvalidAuthenticityToken
我決定更新到5.1.2的Rails,並得到了可怕的CSRF InvalidAuthenticityToken。嘗試通過設計(電子郵件)登錄或使用omniauth時發生這種情況。
Sessions Controller沒有任何相關性,沒有before_ filters,沒有特定的方法。
Started POST "https://stackoverflow.com/users/sign_in" for 127.0.0.1 at 2017-07-09 22:32:25 -0100
Processing by Users::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"eTJnjnTDNbahT+W8ajr9fH8tGSC0wfismuNbwr0qtQkYoCoFqDm5kZ+nlwAnz+RbLL4v41oqgmqJzaIVJYWxXw==", "user"=>{"email"=>"*****@gmail.com", "password"=>"[FILTERED]"}, "commit"=>"log in"}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
actionpack (5.1.2) lib/action_controller/metal/request_forgery_protection.rb:195:in `handle_unverified_request'
的HTML被渲染與CSRF標題:
<meta name="csrf-param" content="authenticity_token">
<meta name="csrf-token" content="eTJnjnTDNbahT+W8ajr9fH8tGSC0wfismuNbwr0qtQkYoCoFqDm5kZ+nlwAnz+RbLL4v41oqgmqJzaIVJYWxXw==">
而且形式以及上:
<input type="hidden" name="authenticity_token" value="eTJnjnTDNbahT+W8ajr9fH8tGSC0wfismuNbwr0qtQkYoCoFqDm5kZ+nlwAnz+RbLL4v41oqgmqJzaIVJYWxXw==">
當通過omniauth嘗試:
Started GET "/auth/linkedin" for 127.0.0.1 at 2017-07-09 23:10:47 -0100
I, [2017-07-09T23:10:47.726334 #33989] INFO -- omniauth: (linkedin) Request phase initiated.
Started GET "/auth/linkedin/callback?code=AQTYEqh7Ly5soZIFs_XfERBDL-EzRb-q_tkJgIIpLZWhlpcNLG6Ib9dQg2_74gRjDquZp_B3zTXjaBgpoRnJgbVoyVyMad0Ft8kjyMkTdhxPgWO5jbA&state=7f63139d28f961f32c789d07cc7ddfb6cd7c09b26af91733" for 127.0.0.1 at 2017-07-09 23:10:48 -0100
I, [2017-07-09T23:10:48.980311 #33989] INFO -- omniauth: (linkedin) Callback phase initiated.
E, [2017-07-09T23:10:48.980683 #33989] ERROR -- omniauth: (linkedin) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
E, [2017-07-09T23:10:48.981033 #33989] ERROR -- omniauth: (linkedin) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
OmniAuth::Strategies::OAuth2::CallbackError (csrf_detected | CSRF detected):
我已經嘗試過:
protect_from_forgery with: :exception, prepend: false
(&真)
硬編碼在config/secrets.yml
:具有Env的可變
我先前使用這個上沿着
secret_key_base: <%= ENV['SECRET_KEY_BASE'] %>
:
development:
secret_key_base: 0beec021fbe866716933a1da494be36f21bb6cf446ab7d315eb129706931bb2b284aa8e5507d0ab829abb8c2155958b47500aeadd5eace9cdc27643121cf6adf
&試圖與:
# Load the Rails application.
require_relative 'application'
# Load the app's custom environment variables here, before environments/*.rb
app_env_vars = File.join(Rails.root, 'config', 'initializers', 'app_env_vars.rb')
secret = File.join(Rails.root, 'config', 'initializers', 'secret_token.rb')
load(app_env_vars) if File.exists?(app_env_vars)
load(secret) if File.exists?(secret)
# Initialize the Rails application.
Rails.application.initialize!
嘗試沒有它,並通過在該文件中定義的所有環境變量的.bash_profile終端負載。
所以基本上我跑出去的想法,如果您有任何,請分享,感謝
從5.0.4升級到5.1.2後,我面臨完全相同的問題。你能找到根本原因嗎? – Juampi
@Juampi我沒有 - 我沒有看,因爲我通過將項目內容複製到新的rails 5.1.2項目文件夾中解決了這個問題。既然它從一開始就起作用,我會想象這是'rails'更新程序忘記更改的一些東西? –
@Juampi也許它甚至是設計安裝?也許這是值得複製你的項目文件夾,卸載設計,刪除寶石,捆綁安裝,把寶石回來,安裝,複製你的自定義設計控制器和視圖回來,看看它是否工作?如果這個作品在你的「真實」項目上做了同樣的事情 –