1

When I try to upload an image using CKEditor, I get the error WARNING: Can't verify CSRF token authenticity and the following:

Started POST "/ckeditor/attachment_files?CKEditor=blog_entry_body&CKEditorFuncNum=1&langCode=en" for 127.0.0.1 at 2013-05-28 18:38:57 -0500
Processing by Ckeditor::AttachmentFilesController#create as HTML
Parameters: {"upload"=>#<ActionDispatch::Http::UploadedFile:0x0000000231fef0 @original_filename="me.jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"upload\"; filename=\"me.jpg\"\r\nContent-Type: image/jpeg\r\n", @tempfile=#<Tempfile:/tmp/RackMultipart20130528-13870-17wbprr>>, "CKEditor"=>"blog_entry_body", "CKEditorFuncNum"=>"1", "langCode"=>"en"}
WARNING: Can't verify CSRF token authenticity
User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."remember_token" = 'M96bQAv-NGdidsn7hypOJA' LIMIT 1
(0.1ms)  BEGIN
(0.2ms)  ROLLBACK
Rendered text template (0.0ms)
Completed 200 OK in 7ms (Views: 0.8ms | ActiveRecord: 0.7ms)

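It looks like this is happening in Ckeditor::AttachmentFilesController#create. But when I installed the CKEditor gem, I did not see this controller get generated. I found in another post that I have to use skip_before_filter :verify_authenticity_token, but like I said, I don't see Ckeditor::AttachmentFilesController#create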

4

1 Answer

2

If you are using the ckeditor gem, you can find the controllers here:

https://github.com/galetahub/ckeditor/tree/master/app/controllers/ckeditor

However, it looks like their config.js has a solution for CSRF, which IMHO is better than doing skip_before_filter in the controller. Check out config.js here:

https://github.com/galetahub/ckeditor/blob/master/app/assets/javascripts/ckeditor/config.js

Answered 2014-01-25T20:01:35.530
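One way to send the Rails CSRF token along with the CKEditor upload, rather than skipping verify_authenticity_token, shown as an added example (it is not code from the answer or from the ckeditor gem). It assumes the page layout renders Rails' csrf_meta_tags; the function names are hypothetical.

```javascript
// Added example, not the gem's code. Assumes the layout calls csrf_meta_tags,
// which renders <meta name="csrf-param"> and <meta name="csrf-token">.
// Function names are hypothetical.

// metas: array-like of objects with .name and .content (e.g. <meta> elements).
// Returns { <csrf-param>: <csrf-token> }, or {} if either tag is missing.
function csrfParamsFromMetas(metas) {
  let param, token;
  for (const meta of Array.from(metas)) {
    if (meta.name === 'csrf-param') param = meta.content;
    else if (meta.name === 'csrf-token') token = meta.content;
  }
  // Without both tags there is no valid token; send nothing rather than a guess.
  if (!param || !token) return {};
  return { [param]: token };
}

// For XHR/fetch uploads: Rails also accepts the token in the X-CSRF-Token header.
function csrfHeadersFromMetas(metas) {
  const token = Object.values(csrfParamsFromMetas(metas))[0];
  return token ? { 'X-CSRF-Token': token } : {};
}

// For a classic multipart form upload: append the token as a hidden field so it
// travels in the POST body. Returns the number of fields added.
function addCsrfFields(form, doc) {
  const params = csrfParamsFromMetas(doc.getElementsByTagName('meta'));
  for (const [name, value] of Object.entries(params)) {
    const input = doc.createElement('input');
    input.type = 'hidden';
    input.name = name;
    input.value = value;
    form.appendChild(input);
  }
  return Object.keys(params).length;
}
```

In a browser, call `addCsrfFields(uploadForm, document)` before the form is submitted; a hidden field keeps the token out of the request URL and therefore out of access logs.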