I have a form that, when submitted, calls a jQuery .ajax request like:
$.ajax({
type:"POST",
url: "/posts/" + id + "/add_comment",
..
..
});
This website has subdomains, and the session cookie after logging in looks like:
name: __webt_session
value: ...
host: testsubdomain.lvh.me
path: /
Secure: No
Expires: At end of session
Now when I submit a comment, it doesn't save the comment; rather, it redirects to the login page (the html is for the login page, it doesn't actually redirect b/c it was an ajax call behind the scenes).
Does my url for the form action have to include the subdomain?
BTW, why does it say 'secure: NO'?
UPDATE
I set the post url to include the full url w/subdomain, and it is still redirecting to the login page. Why isn't it picking up the cookie?
When I am on the page that I am posting the form from, I am logged in just fine. The url has the subdomain in it. It must be that when I post to the page, for some reason or another, it thinks I am not logged in and redirects me (you have to be logged in to post a comment). Very confused why it is not picking up the cookie.
Ideas?
1 solution
#1
1
Make sure that your post has the Rails authenticity_token if your controller's action has protect_from_forgery.
In Rails 3.0.x (x > 3) if verify_authenticity_token fails, it logs you out, so your authentication will fail.
UPDATE
To do this in your javascript post, you'll want to add a post parameter called authenticity_token. The value of this parameter can be determined in two ways:
1) In your controller call form_authenticity_token and pass this value to the javascript.
2) In your layout, add this line
<%= csrf_meta_tag %>
This will add the following to the head of your document
<meta name="csrf-param" content="authenticity_token"/>
<meta name="csrf-token" content="Sm8z1XLTzI5HCy7+MIB+yFXiGUdS1byUHI8brHknirY="/>
You can retrieve the post value with a little javascript like this:
document.getElementsByName('csrf-token')[0].content
In this version, you can be uber correct and use the value of
document.getElementsByName('csrf-param')[0].content
to determine the name of the post parameter
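An added example, not part of the original answer: option 2 carried through to the $.ajax call, reading both meta tags and URL-encoding the token (the sample token contains "+"). The function names, the body field and the post id 7 are assumptions, and the document stand-in is constructed so the block also runs outside a browser.

```javascript
// Added example (not from the original answer). Builds the settings object
// for $.ajax with the Rails CSRF token taken from the csrf_meta_tag output.

// Read parameter name and token from a document-like object.
function readCsrf(doc) {
  const param = doc.getElementsByName('csrf-param')[0];
  const token = doc.getElementsByName('csrf-token')[0];
  if (!token || !token.content) return null; // layout lacks csrf_meta_tag
  return {
    // Fall back to the name used on this page when csrf-param is absent.
    name: param && param.content ? param.content : 'authenticity_token',
    value: token.content,
  };
}

// True when url resolves to the same scheme, host and port as the page.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Returns settings for $.ajax; the token is added only for same-origin URLs
// so it is never sent to another host (another subdomain is another origin).
function csrfPostSettings(doc, pageOrigin, url, fields) {
  const pairs = Object.entries(fields);
  const csrf = readCsrf(doc);
  if (csrf && isSameOrigin(url, pageOrigin)) pairs.push([csrf.name, csrf.value]);
  // encodeURIComponent matters: base64 tokens contain "+", "/" and "=",
  // and an unencoded "+" is decoded by the server as a space.
  const data = pairs
    .map(([k, v]) => encodeURIComponent(k) + '=' + encodeURIComponent(v))
    .join('&');
  return { type: 'POST', url: url, data: data };
}

// Constructed stand-in for `document`, carrying the two meta tags shown above.
const sampleDoc = {
  metas: {
    'csrf-param': [{ content: 'authenticity_token' }],
    'csrf-token': [{ content: 'Sm8z1XLTzI5HCy7+MIB+yFXiGUdS1byUHI8brHknirY=' }],
  },
  getElementsByName(name) { return this.metas[name] || []; },
};

const settings = csrfPostSettings(
  sampleDoc, 'http://testsubdomain.lvh.me', '/posts/7/add_comment',
  { body: 'first comment' }); // hypothetical field name and post id
```

In a page, the call would be $.ajax(csrfPostSettings(document, location.origin, url, fields)).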