admin管理员组

文章数量:1428461

I've setup a Rails 4 app with Ember js using the gems provided on the site

gemfile

gem 'ember-rails'
gem 'ember-source', '1.2.0'

entries_controller.js.coffee

Tut1.EntriesController = Ember.ArrayController.extend

    addEntry: ->
        entry = @store.createRecord(Tut1.Entry,
        name: @get('newEntryName')
        winner: false
    )
    entry.save()

I get this error on the console.

POST http://localhost:3000/entries 422 (OK)

It's posting correctly, but rails is retuning a "ActionController::InvalidAuthenticityToken" which is confusing to me as the host, origin and referer are the same.

Host:localhost:3000
Origin:http://localhost:3000
Referer:http://localhost:3000/

Is it still cross domain? How do I authenticate this request.

I've setup a Rails 4 app with Ember js using the gems provided on the site

gemfile

gem 'ember-rails'
gem 'ember-source', '1.2.0'

entries_controller.js.coffee

Tut1.EntriesController = Ember.ArrayController.extend

    addEntry: ->
        entry = @store.createRecord(Tut1.Entry,
        name: @get('newEntryName')
        winner: false
    )
    entry.save()

I get this error on the console.

POST http://localhost:3000/entries 422 (OK)

It's posting correctly, but rails is retuning a "ActionController::InvalidAuthenticityToken" which is confusing to me as the host, origin and referer are the same.

Host:localhost:3000
Origin:http://localhost:3000
Referer:http://localhost:3000/

Is it still cross domain? How do I authenticate this request.

  • javascript
  • ruby-on-rails
  • ruby
  • ember.js
  • ember-data
Share Improve this question asked Dec 20, 2013 at 8:52 HassHass 1,6361 gold badge18 silver badges31 bronze badges
Add a ment  | 

2 Answers 2

Reset to default 6

there a quite a lot links to that problem out there

http://blog.waymondo./2012-12-18-ember-dot-js-and-rails-authentication-gotchas/

$ ->
  token = $('meta[name="csrf-token"]').attr('content')
  $.ajaxPrefilter (options, originalOptions, xhr) ->
    xhr.setRequestHeader('X-CSRF-Token', token)

It isn't a cross domain request, however, the code in your application controller:

protect_from_forgery with: :exception

is trying to protect against a CSRF attack. It's expecting a valid CSRF token when you post the form. There are some more details here.

An easy way to get around this problem would be to use rails_csrf. It essentially requests a token from your server and then sets the appropriate headers so that the requests are then made with the right CSRF token.

本文标签: javascriptEmber js and Rails 4 CSRFStack Overflow

版权声明:本文标题:javascript - Ember js and Rails 4 CSRF - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745493051a2660687.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。