您的位置: 首页  >  技术问答  >  Rails + Emberjs:无法验证CSRF令牌的真实性

Rails + Emberjs:无法验证CSRF令牌的真实性

分类: 技术问答 2022-05-27 16:20:13
问题描述:

我刚刚使用rails作为具有Emberjs前端的api。我正在获得一个完成的422无法处理的实体,每当我尝试执行POST请求时,无法验证CSRF令牌的真实性

I'm new to using rails as an api with an Emberjs front-end. I'm getting a 'Completed 422 Unprocessable Entity' and Can't verify CSRF token authenticity whenever I try to do a POST request

我看过几个帖子和解决方案说要插入这个函数

I've seen a couple of posts and solutions saying to insert this function

$(function() {
    var token = $('meta[name="csrf-token"]').attr('content');
    return $.ajaxPrefilter(function(options, originalOptions, xhr) {
        return xhr.setRequestHeader('X-CSRF-Token', token);
    });
});

在ember-cli项目中实施CSRF的适当位置在哪里?

Where is the appropriate place to implement CSRF in an ember-cli project?

更新:10/1/2015

我的app / adapters / application.js看起来像这样现在:

my app/adapters/application.js looks something like this now:

import DS from 'ember-data';

export default DS.ActiveModelAdapter.extend({
  headers: Ember.computed(function(){
    var token = Ember.$('meta[name="csrf-token"]').attr('content');

    return {"X-CSRF-Token": token};
  })
});

但是,我仍然收到相同的错误消息...

However, i'm still getting the same error messages...

最简单的解决方案是将其添加到您的清单文件中:

The easiest solution would be to add this to your manifest file:

#= require jquery-ujs

或者你可以扩展你的应用程序适配器, CSRF令牌:

Or you could extend your application adapter to always include CSRF token:

ApplicationAdapter = DS.RESTAdapter.extend
  headers:
    "X-CSRF-Token": $('meta[name="csrf-token"]').attr('content')

相关推荐