问题描述

我在 Devise 上遇到了一个非常奇怪的问题.我设置了一个接受 get 和 post 请求的路由.在 get 上，它显示表单，在 post 上，它提交它.

Im having a really strange problem with Devise. I have a route set up that accepts both get and post requests. On a get, it shows the form, on the post, it submits it.

当我向路由发送 XHR 帖子时，当它到达那里时，它告诉我我没有登录，并向我发送未经授权的 401.之后我必须登录，然后我才能重试.

When I send a post XHR to the route, when it gets there it tells me that I am not logged in, and sends me a 401 unauthorized. After that I have to log in, and then I can try again.

我已经尝试了几个小时来解决这个问题，我所能弄清楚的是我的控制器方法没有被调用.我在过滤器之前输入了我自己的自定义身份验证，它只是确认当我的 rails 应用程序被调用时，用户不再登录.

I have been trying to figure this out for hours, all I have been able to figure out is that my controller method is not getting called. I put in my own custom auth before filter, and it just confirmed that by the time my rails app gets called, the user is no longer logged in.

另外，如果我打开表单，但不提交，我可以照常继续.在那个 XHR 的某个地方，它让设计让我退出.

Also, if I open up the form, but dont submit it, I can continue on as normal. Somewhere in that XHR it is making devise log me out.

如果您有任何想法，请帮忙，我不知道现在发生了什么......

If you have any ideas please help, I have no idea what is going on right now...

谢谢

-斯科特

添加相关代码片段

routes.rb

match 'projects/:p/filebox' => 'projects#show', :via => ["get","post"], :as => 'project_filebox'

projects_controller.rb

projects_controller.rb

before_filter :authenticate_user! # <--- By the time this gets called, the user is logged out
def show
# ^^^^ Doesnt get called. Logger shows that it recognized route though
logger.debug "-----------projects#show"
logger.debug "Current user logged in:"+user_signed_in?.to_s

正在提交的表单

<form class="upload" action="<%= project_filebox_path(@project) %>?n=7&cType=<%= cType %>&fid=<%= fid %>" method="post" enctype="multipart/form-data">
    <input type="file" name="file" multiple/>
    <button>Upload</button>
    <div>Add / Drag Files To Upload</div>
</form>

正在上传 XHR 的 Javascript

Javascript that is uploading the XHR

formDataUpload = function (files, xhr, settings) {
            var formData = new FormData(),
                i;
            $.each(getFormData(settings), function (index, field) {
                formData.append(field.name, field.value);
            });
            for (i = 0; i < files.length; i += 1) {
                formData.append(settings.fieldName, files[i]);
            }
            xhr.send(formData);
        }

如果我错过了一些相关的代码，请告诉我

If I missed some relevant piece of code let me know

推荐答案

除了 JS 之外，这里没有太多可做的，但是您遇到了一个非常强烈的变化，因为 CSRF 令牌没有被设置为您的请求的一部分.这在各种 Rails 3.0.x 版本中发生了变化，如果没有代码就很难确定.

There's not that much to go on here other than the JS, but there's a really strong change you're having the problem because the CSRF token isn't being set as part of your request. This has changed in various Rails 3.0.x releases so hard to know for sure without code.

一个简单的测试是关闭 CSRF(例如，从 ApplicationController 中删除protect_from_forgery).如果它有效，您就有了答案，并且需要确保令牌被传递或您以其他方式处理伪造保护.

One dead simple test would be to turn off CSRF (e.g. remove protect_from_forgery from ApplicationController). If it works, you have the answer and need to make sure the token gets passed around or you otherwise handle forgery protection.

这篇关于设计在帖子上登出到不同的路线的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！