I have a form, that when submitted, it calls a jquery .ajax request like:

我有一个表单，当提交时，它调用jquery .ajax请求:

$.ajax({
 type:"POST",
 url: "/posts/" + id + "/add_comment",
 ..
 ..
});

This website has subdomains, and the session cookie after logging in looks like:

这个网站有子域名，登录后的会话cookie如下:

name: __webt_session
value: ...
host: testsubdomain.lvh.me
path: /
Secure: No
Expires: At end of session

Now when I submit a comment, it doesn't save the comment, it rather redirects to the login page (the html is for the login page, it doesnt' actaully redirect b/c it was an ajax call behind the scenes).

现在，当我提交评论时，它并没有保存评论，而是重定向到登录页面(html是用于登录页面的，它没有actaully重定向b/c，它是后台的ajax调用)。

Does my url for the form action have to include the subdomain?

表单操作的url必须包含子域吗?

BTW, why does it say 'secure: NO'

顺便说一句，为什么它说'secure: NO'

UPDATE

更新

I set the post url to include the full url w/subdomain, and it is still redirecting to the login page. Why isn't it picking up the cookie?

我将post url设置为包含完整的url w/子域，它仍然在重定向到登录页面。为什么不捡起饼干?

When I am on the page that I am posting the form, I am logged in just fine. The url has teh subdomain in it. It must be that when I post to the page, for some reason or another, it thinks I am not logged in and redirects me (you have to be logged in to post a comment). Very confused why it is not picking up the cookie.

当我在页面上发布表单时，我的日志记录良好。url中有teh子域。必须是，当我发布到页面时，出于某种原因，它认为我没有登录并重定向我(你必须登录才能发表评论)。很困惑为什么它没有拿起饼干。

Ideas?

想法吗?

1 个解决方案

<%= csrf_meta_tag %>

<meta name="csrf-param" content="authenticity_token"/> 
<meta name="csrf-token" content="Sm8z1XLTzI5HCy7+MIB+yFXiGUdS1byUHI8brHknirY="/>

document.getElementsByName('csrf-token')[0].content

document.getElementsByName('csrf-param')[0].content

#1

<%= csrf_meta_tag %>

<meta name="csrf-param" content="authenticity_token"/> 
<meta name="csrf-token" content="Sm8z1XLTzI5HCy7+MIB+yFXiGUdS1byUHI8brHknirY="/>

document.getElementsByName('csrf-token')[0].content

document.getElementsByName('csrf-param')[0].content