CSRF InvalidAuthenticityToken带有rails并做出反应
我无法让我的代码使用CSRF-Token。
我有一个axiosconfig文件,我在其中设置axios并将其导出:
import axios from 'axios' const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content') const instance = axios.create({ baseURL: 'http://api.domain.tld/v1/', headers: { 'X-CSRF-Token': csrfToken } }); export default instance
和我的反应组件我导入它:
import axios from '../config/axios'
以我的forms提交我解雇这个post:
axios .post('/test', { longUrl: this.state.testValue }) .then(function (response) { console.log(response); }) .catch(function (error) { console.log(error); });
我的头像这样:
axios发布的请求是这样的:
来自request-header和我脑袋的CSRF-Tokens是相同的但是我的rails-app响应错误422(Unprocessable Entity)和:
ActionController::InvalidAuthenticityToken
是否有可能出现这种问题:
// `xsrfCookieName` is the name of the cookie to use as a value for xsrf token xsrfCookieName: 'XSRF-TOKEN', // default // `xsrfHeaderName` is the name of the http header that carries the xsrf token value xsrfHeaderName: 'X-XSRF-TOKEN', // default
my / v1 / test看起来像这样:
class Api::V1::IndexController params end end
或者是我的config / application.rb中的内容:
require_relative 'boot' require 'rails/all' # Require the gems listed in Gemfile, including any gems # you've limited to :test, :development, or :production. Bundler.require(*Rails.groups) module TestAppForMe class Application :any, :methods => [:get, :post, :options] # resource '*', # headers: ['Origin', 'Accept', 'Content-Type', 'X-CSRF-Token'], # :methods => [:get, :post, :options] end end end end
在我的路线我有这样的事情:
constraints subdomain: "api" do scope module: "api" do namespace :v1 do root 'index#index' end end end