Rails的簡單形式給出了InvalidAuthenticityToken錯誤

Question

我有一個簡單的形式是這樣的：

<form name="serachForm" method="post" action="/home/search"> 
    <input type="text" name="searchText" size="15" value=""> 
    <input class="image" name="searchsubmit" value="Busca" src="/images/btn_go_search.gif" align="top" border="0" height="17" type="image" width="29"> 
</form> 

而且這種方法的控制器：

def busca 
    puts params[:searchText] 
    end 

當我這樣做對圖像按鈕單擊窗體我得到一個ActionController :: InvalidAuthenticityToken。下面是完整的堆棧跟蹤：

/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/request_forgery_protection.rb:86:in verify_authenticity_token' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:in 發送」 /庫/紅寶石/寶石/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:in evaluate_method' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:166:in 調用' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters。 RB：225：在 call' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:629:in run_before_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:615:in call_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:610:in perform_action_without_benchmark」 /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/benchmarking.rb:68:in perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/benchmarking.rb:68:in perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2 /lib/action_controller/rescue.rb:136:in perform_action_without_caching' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/caching/sql_cache.rb:13:in perform_action' /Library/Ruby/Gems/1.8/gems/activerecord-2.2.2/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in cache' /Library/Ruby/Gems/1.8/gems/activerecord-2.2.2/lib/active_record/query_cache.rb:8:in cache' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/caching/sql_cache.rb:12:in perform_action' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:524:in send' /Library/Ruby/Gems/1.8/gems/actionpack -2.2.2/lib/action_controller/base.rb：524：在 process_without_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:606:in process_without_session_management_support' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/session_management.rb:134:in process' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:392:in process' /Library/Ruby/Gems/1.8/gems/rails-2.2.2 /lib/webrick_server.rb:74:in service' /Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/commands/servers/webrick.rb:66 /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:in 需要 ' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:521:in new_constants_in' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:in 需要' /庫/Ruby/Gems/1.8/gems/rails-2.2.2/lib/commands/server.rb:49

發生了什麼事？

Answer 1

默認情況下，所有非GET操作要求的真實性令牌是隨請求一起傳遞。 Rails使用真實性標記來避免CSRF攻擊。

確保始終到位的最簡單方法是使用form_tag幫助程序，而不是手動編寫HTML。

<% form_tag "/home/search", :name => "searchForm" do %> 
    fields here 
<% end %> 

Answer 2

protect_from_forgery：只=> [：創建，：更新：摧毀]會爲你節省一些麻煩:)（在控制器類）

Answer 3

如果不使用助手來生成表單標籤，你這是怎麼手動真實性令牌生成隱藏字段：

<input type="hidden" 
     value="<%= form_authenticity_token() %>" 
     name="authenticity_token"/> 

Answer 4

隨着納特的線條，增添

<%= token_tag %> 

的HTML「格式」標籤的作品剛過

Answer 5

使用表單幫手，正如其他人建議以上編輯將工作。

雖然這是一個搜索表單，但該方法實際上應該是'get'。一般來說，除非數據庫中的某些內容會發生變化，否則應該使用'get'。

對於搜索表單，使用method ='get'更具書籤/後退按鈕友好性。