javascript - 无法验证跨平台请求的 Rails 上的 CSRF token 真实性

Question

我正在尝试在 Rails 中执行跨平台请求。

我的 html 代码是:-

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
    <link type="text/css" rel="stylesheet" href="bower_components/bootstrap/dist/css/bootstrap.min.css">
    <link type="text/css" rel="stylesheet" href="bower_components/font-awesome/css/font-awesome.min.css">
    <link type="text/css" rel="stylesheet" href="css/style.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>  
</head>
<body>
    <div class="container">
        <form class="new_batches" id="new_batch" accept-charset="UTF-8" >
            <div class="well">
                <div class="form-group row">
                    <label class="control-label col-md-2" for="name">Name </label>
                    <div class="col-md-4">
                        <input class="form-control" id="name" placeholder="Enter Batch Name" type="text" >
                    </div>
                </div>

                <div class="form-group row">
                    <label class="control-label col-md-2">Course ID</label>
                    <div class="col-md-4">
                        <input class="form-control" id="course_id" placeholder="Enter Your Course ID" type="text" >
                    </div>
                </div>

                <div class="form-group row">
                    <label class="control-label col-md-2">Start Date</label>
                    <div class="col-md-4">
                        <input class=" form-control" id="start_date" placeholder="Enter Start Date" type="text" >
                    </div>
                </div>

                <div class="form-group row">
                    <label class="control-label col-md-2"> End Date</label>
                    <div class="col-md-4">
                        <input class="datepicker form-control" id="end_date" placeholder=" Enter End date" type="text" >
                    </div>
                </div>
                <div class="form-group row">
                    <label class="control-label col-md-2">Status</label>
                    <div class="col-md-2">
                        <input name="batch[status]" type="hidden" value="0"><input type="checkbox" value="1" checked="checked"  id="batch_status"> Checked
                    </div>
                </div>

                <div style="margin-left: 110px;">
                    <button type="submit" id="submit-button" class="btn btn-primary ">Submit</button>
                </div>
            </div>
        </form>
    </div>
    <script src="bower_components/jquery/dist/jquery.min.js"></script>
    <script src="bower_components/bootstrap/dist/js/bootstrap.min.js"></script>
</body>
</html>
<script>
	$(document).ready(function(){
		$.ajaxSetup({
		  headers: {
		    'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
		  }
		});
	})
    $(document).ready(function () {
        $('#submit-button').click(function() {
            $.ajax({
			    type: "POST",
			    url: "http://localhost:3000/batches",
			    beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
			    xhrFields: {
			    	withCredentials: true
				},
			    data: {     
                    batch: {
                      name: $("#name").val(),
                      course_id: $("#course_id").val(),
                      start_date: $("#start_date").val(),
                      end_date: $("#end_date").val(),
                      status: $("#batch_status").val(),
                      }
			    },
			    dataType: "JSON",
			  error: function(error) {
			  		console.log(error);
			          },
			  success: function(data) {
			             console.log(data);
			             return false;
			          },
			})
        });
    })
</script>

我的后端代码如下:-

class BatchesController < ApplicationController
          def new
            @batch = Batch.new
            respond_to do |format|
              format.json
              format.html
            end
          end

      def create
        @batch = Batch.new(batch_param)
        respond_to do |format|
           if @batch.save
             format.json { render json: @batch, status: :created, location: @batch }
             format.html { redirect_to @batch, notice: "Save process completed!" }
           else
              format.html {
                flash.now[:notice]="Save proccess coudn't be completed!"
                render json: @batch.errors, status: :unprocessable_entity
              }
              format.json { render json: @batch.errors, status: :unprocessable_entity}
          end
        end
      end

    def batch_param
          params.require(:batch).permit(:name, :course_id, :start_date, :end_date, :status)
        end

end

我还将 <%= csrf_meta_tag %> 添加到 myapplication.html.erb 文件中。

但当我提交表单时，我仍然收到以下错误。所以有人可以帮我解决这个问题吗？

Started POST "/batches" for 127.0.0.1 at 2017-01-12 20:11:12 +0545
  ActiveRecord::SchemaMigration Load (0.6ms)  SELECT "schema_migrations".* FROM "schema_migrations"
Processing by BatchesController#create as HTML
  Parameters: {"batch"=>{"name"=>"xyz", "course_id"=>"9", "start_date"=>"2016-12-12", "end_date"=>"2016-12-14", "status"=>"1"}}
Can't verify CSRF token authenticity.
Completed 422 Unprocessable Entity in 13ms (ActiveRecord: 0.0ms)

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

Answer 1

如果有意义，您可以删除 csrf token 验证。只需将其添加到您的 Controller

skip_before_action :verify_authenticity_token