此应用程序在本地主机上运行良好,但在部署到Heroku时失败。
当我尝试登录时,我在日志中得到这个错误
Error R14 (Memory quota exceeded)
Started POST "/users/sign_in?locale=en" for 115.31.132.11 at 2022-07-04 15:19:04 +0000
Processing by Users::SessionsController#create as HTML
Parameters: {"authenticity_token"=>"gLidqKg8CS6bv....", "user"=>{"email"=>"test@gmail.com", "password"=>"[FILTERED]", "remember_me"=>"1"}, "commit"=>"Log in", "locale"=>"en"}
Can't verify CSRF token authenticity.
Started GET "/profiles?locale=en" for XXX.XXX.XXX.XXX at 2022-07-04 16:40:43 +0000
Processing by ProfilesController#index as HTML
Parameters: {"locale"=>"en"}
Completed 401 Unauthorized in 84ms (Allocations: 1320)
Started GET "/users/sign_in?locale=en" for X.X.X.X at 2022-07-04 16:40:43 +0000
Processing by Users::SessionsController#new as HTML
可以看到,CSFT元数据是在POST请求中提交的。我正在使用Heroku与SSL证书。Cloudflare。
app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery
配置/环境/production.rb
config.force_ssl = false
config.cache_store = :redis_cache_store, {
namespace: 'cache',
expires_in: 24.hours,
driver: :hiredis,
url: ENV.fetch("REDIS_CACHE_URL") { "redis://localhost:6379/1" },
}
config.session_store :cookie_store, expire_after: 1.year, domain: :all
Heroku ENV SECRET_TOKEN存在
编辑:我发现问题是域:所有. 我需要domain::all,因为我需要跨子域共享会话。(fr.dashboard.example.com, es.dashboard.example.com等)
config.session_store :cookie_store, expire_after: 1.year, domain: :all
我解决了改变
domain: :all
domain: '.example.com'