我正在从JS应用程序发送:
let config = {
method: 'POST',
headers: { 'Content-Type':'application/x-www-form-urlencoded' },
body: `email=${creds.email}&password=${creds.password}`
}
fetch('http://localhost:3000/sessions', config)
在我的 Rails 控制器中:
class SessionsController < ApplicationController
def create
@user = User.where(email: params[:email]) # this doesn't work!
end
end
我收到一个 400 错误请求:
Started POST "/sessions" for 127.0.0.1 at 2017-08-25 23:56:56 +0200
Error occurred while parsing request parameters.
Contents:
email=hello&password=moto
ActionDispatch::Http::Parameters::ParseError
(743: unexpected token at 'email=hello&password=moto'):
任何人都可以阐明如何处理JS中的这些数据?
我相信,您应该添加CSRF令牌以绕过伪造保护并将此键值添加到标头中:
'X-CSRF-Token': document.querySelector("meta[name=csrf-token]").content
否则,您可以使用捆绑的 Rails-UJS 库,该库已经包含此令牌:
Rails.ajax({
type: "POST",
url: "http://localhost:3000/sessions/create",
data: mydata,
success: function(repsonse){...},
error: function(repsonse){...}
})
是的,您可以指定 csrf 保护的特定操作。 -> DOC
class ApplicationController < ActionController::Base
protect_from_forgery
end
class SessionsController < ApplicationController
protect_from_forgery except: :create
def create
render plain: params
end
end