Rails request forgery protection settings

Please help a Rails newbie.

The basics are:

class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time
  protect_from_forgery # verify the authenticity token on non-GET requests
  helper_method :current_user_session, :current_user
  filter_parameter_logging :password, :password_confirmation
end

What I think it should do: it should block POST requests that do not carry a correct <code>authenticity_token</code>. But when I make a POST request with jQuery like the one below, it goes through fine (the update is executed in the database).

$.post($(this).attr("href"), { _method: "PUT", data: { test: true } });

In the console I can see that there is no <code>authenticity_token</code> among the parameters sent, yet the request is still treated as valid. Why is that?

UPD: Found the config setting in config/environments/development.rb

config.action_controller.consider_all_requests_local = true

So because of the dev environment and local requests, these kinds of POST requests are OK.

Accepted answer

As long as the <code>$.post($(this).attr("href"), { _method: "PUT", data: { test: true } });</code> request is executed from within your own app, there is nothing wrong with your code. If you have another app elsewhere, e.g. on localhost:3001, and you send a POST from there, it won't work, unless you are on Firefox > 3.0, which already ships cross-site XHR. For example, you could send a POST from any other site (but then the protection provided by protect_from_forgery kicks in!). The reason the token isn't required is that cross-site XHR is disabled, so XHR requests without a token are allowed. If you try to do it from anywhere other than your own app, I'm sure it will raise an exception asking for the token. And to keep external origins out, you should also define a cross-domain policy.

Try this: curl -X PUT -d "test=true" url_endpoint_of_your_app. See whether you get a 200 response. If you do, something is fishy.
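To make the accepted answer's reasoning concrete, here is an added example (not code from the question or the answer) that models the check behind protect_from_forgery in plain Ruby: the effective HTTP method after Rack's _method override, the token comparison against the session, and a flag reproducing the XHR exemption the answer describes. Request is a hypothetical Struct standing in for ActionDispatch::Request, and the session token is constructed for the example.

```ruby
require 'securerandom'

# Added example (not from the original question or answers): a minimal model of
# the check behind protect_from_forgery. Request is a hypothetical Struct standing
# in for ActionDispatch::Request; the session token below is constructed.
Request = Struct.new(:method, :params, :headers, :session, keyword_init: true)

SAFE_METHODS = %w[GET HEAD].freeze

# Compare two strings without leaking where they differ (timing-safe).
def secure_equal?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Rack's method override: a POST carrying _method=PUT is handled as PUT, so the
# override can never downgrade a request into the "safe" GET/HEAD set.
def effective_method(req)
  override = req.params['_method']
  return override.to_s.upcase if req.method.upcase == 'POST' && override
  req.method.upcase
end

# xhr_exempt: true reproduces the behaviour the accepted answer describes for the
# Rails of that era (an X-Requested-With XHR passes without a token); false is the
# stricter rule of later Rails, which wants the token in the params or the
# X-CSRF-Token header on every non-GET request.
def verified_request?(req, xhr_exempt: false)
  return true if SAFE_METHODS.include?(effective_method(req))
  return true if xhr_exempt && req.headers['X-Requested-With'] == 'XMLHttpRequest'
  expected = req.session[:_csrf_token]
  return false if expected.nil? # no token in the session: nothing to verify against
  given = req.params['authenticity_token'] || req.headers['X-CSRF-Token']
  secure_equal?(expected, given)
end

def demo
  token = SecureRandom.hex(16) # constructed session token
  session = { _csrf_token: token }
  # The question's jQuery request: POST with _method=PUT and no token at all.
  jquery_post = Request.new(method: 'POST',
                            params: { '_method' => 'PUT', 'data' => { 'test' => true } },
                            headers: { 'X-Requested-With' => 'XMLHttpRequest' },
                            session: session)
  # The same request with the token supplied in the header.
  with_header = Request.new(method: 'POST', params: { '_method' => 'PUT' },
                            headers: { 'X-CSRF-Token' => token }, session: session)
  plain_get = Request.new(method: 'GET', params: {}, headers: {}, session: session)
  {
    legacy_xhr: verified_request?(jquery_post, xhr_exempt: true), # true: why the question's request passed
    strict_xhr: verified_request?(jquery_post),                   # false: token required
    with_token: verified_request?(with_header),                   # true
    plain_get:  verified_request?(plain_get)                      # true: GET is never checked
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Running the file prints the four outcomes; the first two together are the point of the thread: the same token-less XHR passes under the exemption and fails under the strict rule, which is the check to rely on rather than the browser's cross-site XHR behaviour.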

Other answers

Maybe: are you sure you're subclassing ApplicationController? What do your routes look like? Which version of Rails (just to be clear)?

Have you verified that the call jQuery makes is actually not a GET? (I know, it seems obvious.) Rails only protects non-GET requests.

Also, the content type of the request. Rails also only
