无法验证 CSRF 令牌的真实性
Can't verify CSRF token autenticity
我正在尝试安装 Mollie API,但 webhook 无法正常工作。我在 Ruby Rails 4 上工作。它一直说 无法验证 CSRF 令牌真实性 。我尝试了 Whosebug 的几个答案,但它们不起作用。例如。
- skip_before_filter :verify_authenticity_token
- protect_from_forgery 除了:[:notify]
- protect_from_forgery with: :null_session, 如果: -> {request.format.json?}
我的通知控制器看起来像:
class ReservationsController < ApplicationController
before_action :authenticate_user!, except: [:notify]
skip_before_filter :verify_authenticity_token
def preload
training = Training.find(params[:training_id])
today = Date.today
reservations = training.reservations.where("date >= ?", today)
render json: reservations
end
def create
@thrill = Thrill.find(params[:thrill_id])
if @thrill.reservations.length < @thrill.training.tr_max_attendants
@reservation = current_user.reservations.create(reservation_params)
if @reservation
require 'Mollie/API/Client'
mollie = Mollie::API::Client.new('test_gUejkz43UkdeCauC22J6UNqqVRdpwW')
payment = mollie.payments.create(
amount: 10.00,
description: 'My first API payment',
redirect_Url: 'http://d7459af1.ngrok.io/your_trips',
webhookUrl: 'http://d7459af1.ngrok.io/notify',
metadata: {
reservationid: @reservation.id
}
)
@reservation.update_attributes payid:payment.id
redirect_to payment.payment_url
else
redirect_to @thrill.training, notice: "Helaas, de training is vol"
end
end
end
protect_from_forgery except: [:notify]
# protect_from_forgery with: :null_session, if: -> {request.format.json?}
def notify
require 'Mollie/API/Client'
mollie = Mollie::API::Client.new('test_gUejkz43UkdeCauC22J6UNqqVRdpwW')
payment = mollie.payments.get(payment.id)
params.permit!
status = params[:payment_status]
if payment.paid?
reservation = Reservation.find(params[:payid])
reservation.update_attributes status:true
else
reservation.destroy
end
render nothing: true
end
protect_from_forgery except: [:your_trips]
def your_trips
@reservations = current_user.reservations.joins(:thrill).order('thrills.thrilldate asc').where('? <= thrills.thrilldate', Date.today)
end
def your_reservations
@trainings = current_user.trainings
end
private
def reservation_params
params.permit(:thrill_id, :user_id)
end
end
如果有人有提示或提示,我们将不胜感激!
谢谢!
您需要在控制器的最顶部调用 protect_from_forgery,或者您可以删除 ApplicationController 中的 protect_from_forgery 调用。
示例:
class ReservationsController < ApplicationController
before_action :authenticate_user!, except: [:notify]
skip_before_filter :verify_authenticity_token
protect_from_forgery except: [:notify, :your_trips]
# actions go below here
请注意,您可以将多个操作传递给 :except 参数
旁注:如果您正在开发仅 JSON API 的应用程序,我建议您查看 Rails API:
https://github.com/rails-api/rails-api
我正在尝试安装 Mollie API,但 webhook 无法正常工作。我在 Ruby Rails 4 上工作。它一直说 无法验证 CSRF 令牌真实性 。我尝试了 Whosebug 的几个答案,但它们不起作用。例如。
- skip_before_filter :verify_authenticity_token
- protect_from_forgery 除了:[:notify]
- protect_from_forgery with: :null_session, 如果: -> {request.format.json?}
我的通知控制器看起来像:
class ReservationsController < ApplicationController
before_action :authenticate_user!, except: [:notify]
skip_before_filter :verify_authenticity_token
def preload
training = Training.find(params[:training_id])
today = Date.today
reservations = training.reservations.where("date >= ?", today)
render json: reservations
end
def create
@thrill = Thrill.find(params[:thrill_id])
if @thrill.reservations.length < @thrill.training.tr_max_attendants
@reservation = current_user.reservations.create(reservation_params)
if @reservation
require 'Mollie/API/Client'
mollie = Mollie::API::Client.new('test_gUejkz43UkdeCauC22J6UNqqVRdpwW')
payment = mollie.payments.create(
amount: 10.00,
description: 'My first API payment',
redirect_Url: 'http://d7459af1.ngrok.io/your_trips',
webhookUrl: 'http://d7459af1.ngrok.io/notify',
metadata: {
reservationid: @reservation.id
}
)
@reservation.update_attributes payid:payment.id
redirect_to payment.payment_url
else
redirect_to @thrill.training, notice: "Helaas, de training is vol"
end
end
end
protect_from_forgery except: [:notify]
# protect_from_forgery with: :null_session, if: -> {request.format.json?}
def notify
require 'Mollie/API/Client'
mollie = Mollie::API::Client.new('test_gUejkz43UkdeCauC22J6UNqqVRdpwW')
payment = mollie.payments.get(payment.id)
params.permit!
status = params[:payment_status]
if payment.paid?
reservation = Reservation.find(params[:payid])
reservation.update_attributes status:true
else
reservation.destroy
end
render nothing: true
end
protect_from_forgery except: [:your_trips]
def your_trips
@reservations = current_user.reservations.joins(:thrill).order('thrills.thrilldate asc').where('? <= thrills.thrilldate', Date.today)
end
def your_reservations
@trainings = current_user.trainings
end
private
def reservation_params
params.permit(:thrill_id, :user_id)
end
end
如果有人有提示或提示,我们将不胜感激! 谢谢!
您需要在控制器的最顶部调用 protect_from_forgery,或者您可以删除 ApplicationController 中的 protect_from_forgery 调用。
示例:
class ReservationsController < ApplicationController
before_action :authenticate_user!, except: [:notify]
skip_before_filter :verify_authenticity_token
protect_from_forgery except: [:notify, :your_trips]
# actions go below here
请注意,您可以将多个操作传递给 :except 参数
旁注:如果您正在开发仅 JSON API 的应用程序,我建议您查看 Rails API: https://github.com/rails-api/rails-api