开发者

ActionController::InvalidAuthenticityToken exception in safari while using iframe

开发者 https://www.devze.com 2023-03-27 03:57 出处:网络
While I posted a form from iframe in safari, it gives开发者_StackOverflow中文版 Invalid Authenticity Token exception. If I try without iframe, then it works fine.

While I posted a form from iframe in safari, it gives开发者_StackOverflow中文版 Invalid Authenticity Token exception. If I try without iframe, then it works fine.

Why it is happening? How can I fix this?


The authenticity token is a mechanism that rails uses to protect users from CSRF attacks. Here is a good explanation, taken from Understanding the Rails Authenticity Token

When the user views a form to create, update, or destroy a resource, the rails app would create a random authenticity_token, store this token in the session, and place it in a hidden field in the form. When the user submits the form, rails would look for the authenticity_token, compare it to the one stored in the session, and if they match the request is allowed to continue.

So basically, for any action that would modify your model rails wants to verify that it is a change originated by you.

Rails does that (through the use of form_for or form_tag helpers) by adding that secret authenticity token to the form with a html tag like this: <input name="authenticity_token" type="hidden" value="Som3Thin10ngAndUGly">

Back to your problem: I've never worked with iframes so I'm not sure what's happening, but my guess is that your iframe form is not passing the authencity_token. If this is the case the solution is simple, just add a hidden input like the one above and use the form_authenticity_token method to set its value.

0

精彩评论

暂无评论...
验证码 换一张
取 消