6

我有一个像这样的简单表格:

<form name="serachForm" method="post" action="/home/search">   
  <input type="text" name="searchText" size="15" value="">
  <input class="image" name="searchsubmit" value="Busca" src="/images/btn_go_search.gif" align="top" border="0" height="17" type="image" width="29">
</form>

以及使用此方法的控制器:

  def busca
    puts params[:searchText]
  end

当我单击表单中的图像按钮时,我得到一个 ActionController::InvalidAuthenticityToken。这是完整的 StackTrace:

/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/request_forgery_protection.rb:86:in verify_authenticity_token' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:in send' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support /callbacks.rb:178:in evaluate_method' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:166:in call' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:225:in call' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:629:in run_before_filters' /Library/Ruby/Gems/1.8/gems /actionpack-2.2.2/lib/action_controller/filters.rb:615:in call_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:610:in perform_action_without_benchmark' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/benchmarking.rb:68:in perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/benchmarking.rb:68:in perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/rescue.rb:136:in perform_action_without_caching' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/caching/sql_cache.rb:13:inperform_action' /Library/Ruby/Gems/1.8/gems/activerecord-2.2.2/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in cache' /Library/Ruby/Gems/1.8/gems/activerecord-2.2.2/lib/active_record/query_cache.rb:8:in cache' /Library/Ruby/Gems/1.8/gems/actionpack-2.2 .2/lib/action_controller/caching/sql_cache.rb:12:in perform_action' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:524:in send' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:524:in process_without_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:606:in process_without_session_management_support' /Library /Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/session_management.rb:134:in process' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:392:in process' /Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/webrick_server.rb :74:in service' /Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/commands/servers/webrick.rb:66 /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:in 要求'/Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:521:in new_constants_in' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:in 要求'/Library/Ruby/Gems/1.8/gems/rails-2.2 .2/lib/commands/server.rb:49

怎么了?

4

4 回答 4

23

沿着 Nat 的思路,添加

<%= token_tag %>

就在 HTML“表单”标签工作之后

于 2009-11-03T07:43:53.120 回答
9

默认情况下,所有非 GET 操作都需要将真实性令牌与请求一起传递。Rails 使用真实性令牌来避免 CSRF 攻击。

确保它始终存在的最简单方法是使用form_tag帮助程序而不是手动编写 HTML。

<% form_tag "/home/search", :name => "searchForm" do %>
  fields here
<% end %>
于 2009-09-05T22:39:33.217 回答
7

如果您不使用帮助程序来生成表单标签,这就是您使用真实性令牌手动生成隐藏字段的方式:

<input type="hidden" 
       value="<%= form_authenticity_token() %>" 
       name="authenticity_token"/>
于 2009-09-06T12:09:15.373 回答
1

使用上面其他人建议的表单助手将起作用。

由于这是一个搜索表单,该方法实际上应该是“获取”。通常,除非数据库中的某些内容要更改,否则您应该使用“get”。

对搜索表单使用 method='get' 对书签/后退按钮也更友好。

于 2010-11-12T00:06:13.233 回答