我有一个 rails 应用程序，我计划升级到 rails 5。我正在使用 devise(v4.2.0) 和 rails(v5.0.0)。正如设计 README.md 文件中所建议的那样，我尝试将 protect_from_forgery 移动到 before_filter 之上，但是当我尝试登录或更新我的错误时，我仍然收到错误 ActionController::InvalidAuthenticityToken

我的应用程序 Controller 是

class ApplicationController < ActionController::Base
 protect_from_forgery with: :exception, prepend: true
 before_action :configure_permitted_parameters, if: :devise_controller?

  protected

   def configure_permitted_parameters
     devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
     devise_parameter_sanitizer.permit(:account_update, keys: [:name])
   end

end

我的另一个 BugController 是

class BugsController < ApplicationController
  protect_from_forgery prepend: true, with: :exception
  before_action :authenticate_user!
  before_action :set_bug, only: [:show, :edit, :update]

    def update
      respond_to do |format|
      if @bug.update(bug_params)
        format.html { redirect_to @bug, notice: 'Bug was successfully updated.' }
        format.json { render :show, status: :ok, location: @bug }
     else
        format.html { render :edit }
        format.json { render json: @bug.errors, status: :unprocessable_entity }
     end
     end
   end

private
def bug_params
  params.require(:bug).permit(:product, :component, :title, :description, :status_id, :created_by_id, :assigned_to_id)
end


end

最佳答案

如 Devise documentation 中所示Rails 5 的注释

For Rails 5, note that protect_from_forgery is no longer prepended to the before_action chain, so if you have set authenticate_user before protect_from_forgery, your request will result in "Can't verify CSRF token authenticity." To resolve this, either change the order in which you call them, or use protect_from_forgery prepend: true.

关于ruby-on-rails - Rails 5 ActionController::InvalidAuthenticityToken 错误，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/38331496/