我很好奇这一般意味着什么。
但这里是细节..
我正在做一个可排序的 jquery 项目,涉及这个 rails Action :
def update_order
params[:media].each_with_index do |id, index|
media = @organization.media.find(id)
media.do_not_touch = true
media.update_attribute('position', index+1)
end if params[:media]
render :nothing => true
end
我只是在寻找出现此错误的一般原因。
最佳答案
rails automatically checks对于提交数据时的伪造数据。来自文档:
Protecting controller actions from CSRF attacks by ensuring that all forms are coming from the current web application, not a forged link from another site, is done by embedding a token based on a random string stored in the session (which an attacker wouldn‘t know) in all forms and Ajax requests generated by Rails and then verifying the authenticity of that token in the controller
您可以为给定的 Ajax 调用禁用此功能,或者您也可以发送一个名为“authenticity_token”且值为 <%= form_authenticity_token %> 的参数。
要禁用它(我不推荐这样做),您可以执行以下操作之一:
class FooController < ApplicationController
protect_from_forgery :except => :update_order
# you can disable csrf protection on controller-by-controller basis:
skip_before_filter :verify_authenticity_token
end
关于jquery - 这是什么意思 ? >> ActionController::InvalidAuthenticityToken,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3558816/