ruby - Can't verify CSRF token authenticity

Question

问题：

同样的接口请求，使用get工作正常。
使用post请求提示：
Can't verify CSRF token authenticity

临时的解决方法

在controller 中跳过验证

skip_before_action :verify_authenticity_token, :only => ["your_update_action"]

http://stackoverflow.com/questions/19390389/using-curl-to-access-backend-api-of-rails-app-that-implements-devise

后续疑问

如何通过post请求发送token验证？

Answer 1

Get does not verify csrf. Is your csrf_token placed in the request body?

Answer 2

Usually called in the layout file<%= csrf_meta_tags %> 方法，并在js中引入 jquery_ujs

For example

application.erb

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>you title</title>
  .....
  <%= csrf_meta_tags %>
</head>
<body>
</body>
</html>

application.js

#= require jquery_ujs

Gemfile

gem 'rails-jquery'

Answer 3

Is it included in the form or added to the ajax request body? From your description, it should be that this csrf parameter is not added to the body of the post request