科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - Rails post can't verify CSRF token authenticity - Stack Overflow

    javascript - Rails post can't verify CSRF token authenticity - Stack Overflow

    programmeradmin5浏览0评论

    I've check this WARNING: Can't verify CSRF token authenticity rails but I still can't figure it out why it cause this error.

    Here is my ajax

     $.post(
      "<%= ajax_chats_path %>",
      {timestamp :(new Date()).getTime(),msg: $('#msg').val()},
      function (json) {
      console.log(json);
    });

    If I add this 

    skip_before_action :verify_authenticity_token

    in controller, it can solve this problem.

    I am not sure it's the right way to do, because it looks like it may encounter some security attack.

    I've check this WARNING: Can't verify CSRF token authenticity rails but I still can't figure it out why it cause this error.

    Here is my ajax

     $.post(
      "<%= ajax_chats_path %>",
      {timestamp :(new Date()).getTime(),msg: $('#msg').val()},
      function (json) {
      console.log(json);
    });

    If I add this 

    skip_before_action :verify_authenticity_token

    in controller, it can solve this problem.

    I am not sure it's the right way to do, because it looks like it may encounter some security attack.

    • javascript
    • jquery
    • ruby-on-rails
    • ajax
    • csrf
    Share Improve this question edited May 23, 2017 at 12:08 CommunityBot 11 silver badge asked May 20, 2016 at 3:56 rj487rj487 4,6347 gold badges49 silver badges94 bronze badges 2
    • please see here. stackoverflow./questions/7203304/… – Shani Commented May 20, 2016 at 4:26
    • I've checked it, but I still don't know how to modify into my ajax. I am new in developing javascript and rails. – rj487 Commented May 20, 2016 at 4:50
    Add a ment  | 

    2 Answers 2

    Reset to default 6

    You're missing the CSRF token in your Ajax call. You'll need to use a long-form $.ajax call, and add this:

    beforeSend: $.rails.CSRFProtection

    Instead of $.post, you can use the $.ajax equivalent, which would look like this:

    $.ajax({
    type: "POST",
    url: "<%= ajax_chats_path %>",
    beforeSend: $.rails.CSRFProtection,
    data: {
        timestamp: (new Date()).getTime(),
        msg: $('#msg').val(),
        beforeSend: $.rails.CSRFProtection
    },
    success: function (json) {
      console.log(json);
    }
});

    You should also strongly consider adding the datatype field to the call, so that jQuery knows the disposition of the response and can handle it accordingly. You can choose from any of "xml", "json", "html", "script", "jsonp", or "text". See the jQuery.ajax() API documentation for more details.

    This is worked for me,

    $.ajax({
  beforeSend(xhr) {
    xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))
  },

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论