When is the authenticity token generated for delete actions

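I understand that when you view the form for the new or update actions, Rails generates an authenticity token to prevent CSRF attacks, but what about when the action is destroy and there is therefore no form?

From http://guides.rubyonrails.org/security.html#csrf-countermeasures: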

To protect against all other forged requests, we introduce a required security token that our site knows but other sites don't know. We include the security token in requests and verify it on the server. This is a one-liner in your application controller, and is the default for newly created rails applications:

protect_from_forgery with: :exception

This will automatically include a security token in all forms and Ajax requests generated by Rails. If the security token doesn't match what was expected, an exception will be thrown.

The delete, which is done without a form, is probably implemented as an Ajax request and is covered by protect_from_forgery.
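As an added illustration (not part of the original question or answer, and not Rails' own code), the Ruby model below shows why a destroy request needs no form of its own: the token is bound to the session, so it can reach the server in the `X-CSRF-Token` header of an Ajax request or as the `authenticity_token` parameter of a generated hidden form. The class name `CsrfGuard` and the sample requests are constructed for this example, and Rails' per-request token masking is left out.

```ruby
require "securerandom"

# Model of a session-bound CSRF check; CsrfGuard is a hypothetical name,
# not Rails' own class. Rails' per-request token masking is omitted.
class CsrfGuard
  SAFE_METHODS = %w[GET HEAD].freeze

  def initialize(session)
    @session = session
  end

  # Token the server embeds in the page: a hidden form field, or a
  # <meta name="csrf-token"> tag when there is no form to put it in.
  def token
    @session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # State-changing requests pass only if they carry the session's token,
  # as the authenticity_token parameter or the X-CSRF-Token header.
  def verified?(method:, params: {}, headers: {})
    return true if SAFE_METHODS.include?(method.upcase)
    expected = @session[:_csrf_token]
    return false if expected.nil?
    [params["authenticity_token"], headers["X-CSRF-Token"]].any? do |sent|
      sent.is_a?(String) && secure_equal?(sent, expected)
    end
  end

  private
  # Compare without short-circuiting on the first differing byte.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed sample requests against one session.
def demo_requests
  guard = CsrfGuard.new({})
  page_token = guard.token
  {
    ajax_delete: guard.verified?(method: "DELETE", headers: { "X-CSRF-Token" => page_token }),
    link_delete: guard.verified?(method: "POST", params: { "_method" => "delete", "authenticity_token" => page_token }),
    cross_site_delete: guard.verified?(method: "DELETE"),
    wrong_token: guard.verified?(method: "DELETE", headers: { "X-CSRF-Token" => SecureRandom.base64(32) })
  }
end
```

The `cross_site_delete` case is the forged request: the browser attaches the session cookie automatically, but another site cannot read the token from the page, so the check fails.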