本文介绍了如何在Ruby on Rails应用中禁用跨站请求伪造(CSRF)保护,包括三种方法:通过控制器逐个禁用、修改配置文件以及在表单中添加隐藏字段。
第一种:
Ror代码
class FooController < ApplicationController
protect_from_forgery :except => :index
# you can disable csrf protection on controller-by-controller basis:
skip_before_filter :verify_authenticity_token
end
class FooController < ApplicationController protect_from_forgery :except => :index # you can disable csrf protection on controller-by-controller basis: skip_before_filter :verify_authenticity_token end
第二种:
修改配置文件config\environments\development.rb
Ror代码
# Disable request forgery protection in development environment
config.action_controller.allow_forgery_protection = false
# Disable request forgery protection in development environment config.action_controller.allow_forgery_protection = false
然后重启服务器
第三种:
在jquery或form中加入
Ruby代码
<%= tag(:input, :type => "hidden", :name =>
request_forgery_protection_token.to_s, :value =>
form_authenticity_token) %>
Ror代码
class FooController < ApplicationController
protect_from_forgery :except => :index
# you can disable csrf protection on controller-by-controller basis:
skip_before_filter :verify_authenticity_token
end
class FooController < ApplicationController protect_from_forgery :except => :index # you can disable csrf protection on controller-by-controller basis: skip_before_filter :verify_authenticity_token end
第二种:
修改配置文件config\environments\development.rb
Ror代码
# Disable request forgery protection in development environment
config.action_controller.allow_forgery_protection = false
# Disable request forgery protection in development environment config.action_controller.allow_forgery_protection = false
然后重启服务器
第三种:
在jquery或form中加入
Ruby代码
<%= tag(:input, :type => "hidden", :name =>
request_forgery_protection_token.to_s, :value =>
form_authenticity_token) %>
扫一扫
11万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
