1

我正在尝试学习如何通过 jquery 使用 $.ajax 将一些数据发布到一个简单的 rails 脚手架项目。有一个标准的脚手架创建控制器 => 图像

class ImagesController < ApplicationController
  # GET /images
  # GET /images.json
  def index
    @images = Image.all

    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @images }
    end
  end

  # GET /images/1
  # GET /images/1.json 
  def show
    @image = Image.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @image }
    end
  end

  # GET /images/new
  # GET /images/new.json
  def new
    @image = Image.new

    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @image }
    end
  end

  # GET /images/1/edit
  def edit
    @image = Image.find(params[:id])
  end

  # POST /images
  # POST /images.json
  def create
    @image = Image.new(params[:image])

    respond_to do |format|
      if @image.save
        format.html { redirect_to @image, notice: 'Image was successfully created.' }
        format.json { render json: @image, status: :created, location: @image }
      else
        format.html { render action: "new" }
        format.json { render json: @image.errors, status: :unprocessable_entity }
      end
    end
  end

  # PUT /images/1
  # PUT /images/1.json
  def update
    @image = Image.find(params[:id])

    respond_to do |format|
      if @image.update_attributes(params[:image])
        format.html { redirect_to @image, notice: 'Image was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @image.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /images/1
  # DELETE /images/1.json
  def destroy
    @image = Image.find(params[:id])
    @image.destroy

    respond_to do |format|
      format.html { redirect_to images_url }
      format.json { head :no_content }
    end
  end
end

一条路线=>资源:图像。数据库模式由一个字段 => t.string :name 组成。我最初的测试 html 文件是:

<html>
<head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js">    </script>
</head>
<body>
    <script>
    $(document).ready(function(){
        $.ajax({
            type: 'POST', url: "localhost:3000/images",
            data: { name: "johngalt" }
        });
    });
    </script>
</body>

来自 webrick 的结果是:

Started POST "/images" for 127.0.0.1 at 2012-04-17 09:50:19 -0500
Processing by ImagesController#create as */*
  Parameters: {"name"=>"johngalt"}
WARNING: Can't verify CSRF token authenticity
   (0.1ms)  begin transaction
   SQL (63.5ms)  INSERT INTO "images" ("created_at", "name", "updated_at") VALUES (?, ?,  ?)  [["created_at", Tue, 17 Apr 2012 14:50:21 UTC +00:00], ["name", nil], ["updated_at",  Tue, 17 Apr 2012 14:50:21 UTC +00:00]]
   (2.0ms)  commit transaction
 Redirected to http://localhost:3000/images/7
 Completed 302 Found in 81ms (ActiveRecord: 65.6ms)

我不确定为什么名称不包含“johngalt”。这是否与“警告:无法验证 CSRF 令牌真实性”有关?

编辑 当我使用 curl 时:

curl -d "image[name]=johngalt"  localhost:3000/images.json

记录已创建,名称字段包含“johngalt”。从本质上讲,我试图找出 .ajax 相当于做我在 curl 中能够做的事情?

4

1 回答 1

0

当您使用 Railsform_for助手创建表单时,CSRF 令牌会自动添加到您的帖子表单中,旨在保护用户免受跨站点请求伪造攻击。因此,如果您尝试在 javascript 文件中发布,您将无法访问令牌。

如果您愿意,您可以禁用特定操作的 CSRF 令牌身份验证,只要您了解后果即可。

有几种方法可以做到这一点,这里列出:在 Rails 3 中关闭 CSRF 令牌

编辑查看您的 CURL 示例,您似乎在 ajax 发布错误的数据。您正在省略“图像”参数命名空间。尝试:

<script>
$(document).ready(function(){
    $.ajax({
        type: 'POST', url: "localhost:3000/images",
        data: { image: { name: "johngalt" } }
    });
});
</script>
于 2012-04-17T15:02:45.290 回答