422 and Can't verify CSRF token authenticity on Rails and Devise

I'm using Rails and Devise on Passenger and nginx. After moving to the production environment on my VPS, I can't log in to the application; it shows:

The change you wanted was rejected.

Maybe you tried to change something you didn't have access to.

If you are the application owner check the logs for more information.

production.log

I, [2015-06-08T14:45:00.910686 #1912]  INFO -- : Started GET "/users/sign_in" for 13.17.28.5 at 2015-06-08 14:45:00 +0300
I, [2015-06-08T14:45:00.935492 #1912]  INFO -- : Processing by Devise::SessionsController#new as HTML
I, [2015-06-08T14:45:00.997483 #1912]  INFO -- :   Rendered devise/sessions/new.html.erb within layouts/application (19.4ms)
I, [2015-06-08T14:45:01.001749 #1912]  INFO -- :   Rendered layouts/_header.html.erb (1.7ms)
I, [2015-06-08T14:45:01.003426 #1912]  INFO -- :   Rendered layouts/_messages.html.erb (0.9ms)
I, [2015-06-08T14:45:01.004884 #1912]  INFO -- :   Rendered layouts/_footer.html.erb (0.6ms)
I, [2015-06-08T14:45:01.005711 #1912]  INFO -- : Completed 200 OK in 70ms (Views: 30.7ms | ActiveRecord: 2.9ms)
I, [2015-06-08T14:45:02.245685 #1912]  INFO -- : Started POST "/users/sign_in" for 13.17.28.5 at 2015-06-08 14:45:02 +0300
I, [2015-06-08T14:45:02.248305 #1912]  INFO -- : Processing by Devise::SessionsController#create as HTML
I, [2015-06-08T14:45:02.248514 #1912]  INFO -- :   Parameters: {"utf8"=>"✓", "authenticity_token"=>"B0NhIjKBWKJ3Rwjbenwc5jIQ9rAA8w/dLD4bAiBcy4w0/TV6W8PUzKGCHIfg4PY4J2eHhTMfzFYnYpYcSxFXGA==", "user"=>{"email"=>"your@email.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
W, [2015-06-08T14:45:02.250441 #1912]  WARN -- : Can't verify CSRF token authenticity
I, [2015-06-08T14:45:02.251337 #1912]  INFO -- : Completed 422 Unprocessable Entity in 3ms (ActiveRecord: 0.0ms)
F, [2015-06-08T14:45:02.255763 #1912] FATAL -- : 
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
  actionpack (4.2.1) lib/action_controller/metal/request_forgery_protection.rb:181:in `handle_unverified_request'
  actionpack (4.2.1) lib/action_controller/metal/request_forgery_protection.rb:209:in `handle_unverified_request'
  devise (3.5.1) lib/devise/controllers/helpers.rb:251:in `handle_unverified_request'
  actionpack (4.2.1) lib/action_controller/metal/request_forgery_protection.rb:204:in `verify_authenticity_token'
  activesupport (4.2.1) lib/active_support/callbacks.rb:432:in `block in make_lambda'
  activesupport (4.2.1) lib/active_support/callbacks.rb:164:in `call'
  activesupport (4.2.1) lib/active_support/callbacks.rb:164:in `block in halting'
  activesupport (4.2.1) lib/active_support/callbacks.rb:504:in `call'
  activesupport (4.2.1) lib/active_support/callbacks.rb:504:in `block in call'
  activesupport (4.2.1) lib/active_support/callbacks.rb:504:in `each'
  activesupport (4.2.1) lib/active_support/callbacks.rb:504:in `call'
  activesupport (4.2.1) lib/active_support/callbacks.rb:92:in `_run_callbacks'
  activesupport (4.2.1) lib/active_support/callbacks.rb:776:in `_run_process_action_callbacks'
  activesupport (4.2.1) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (4.2.1) lib/abstract_controller/callbacks.rb:19:in `process_action'
  actionpack (4.2.1) lib/action_controller/metal/rescue.rb:29:in `process_action'
  actionpack (4.2.1) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
  activesupport (4.2.1) lib/active_support/notifications.rb:164:in `block in instrument'
  activesupport (4.2.1) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
  activesupport (4.2.1) lib/active_support/notifications.rb:164:in `instrument'
  actionpack (4.2.1) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
  actionpack (4.2.1) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
  activerecord (4.2.1) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
  actionpack (4.2.1) lib/abstract_controller/base.rb:137:in `process'
  actionview (4.2.1) lib/action_view/rendering.rb:30:in `process'
  actionpack (4.2.1) lib/action_controller/metal.rb:196:in `dispatch'
  actionpack (4.2.1) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
  actionpack (4.2.1) lib/action_controller/metal.rb:237:in `block in action'
  actionpack (4.2.1) lib/action_dispatch/routing/route_set.rb:74:in `call'
  actionpack (4.2.1) lib/action_dispatch/routing/route_set.rb:74:in `dispatch'
  actionpack (4.2.1) lib/action_dispatch/routing/route_set.rb:43:in `serve'
  actionpack (4.2.1) lib/action_dispatch/routing/mapper.rb:49:in `serve'
  actionpack (4.2.1) lib/action_dispatch/journey/router.rb:43:in `block in serve'
  actionpack (4.2.1) lib/action_dispatch/journey/router.rb:30:in `each'
  actionpack (4.2.1) lib/action_dispatch/journey/router.rb:30:in `serve'
  actionpack (4.2.1) lib/action_dispatch/routing/route_set.rb:819:in `call'
  warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
  warden (1.2.3) lib/warden/manager.rb:34:in `catch'
  warden (1.2.3) lib/warden/manager.rb:34:in `call'
  rack (1.6.1) lib/rack/etag.rb:24:in `call'
  rack (1.6.1) lib/rack/conditionalget.rb:38:in `call'
  rack (1.6.1) lib/rack/head.rb:13:in `call'
  actionpack (4.2.1) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
  actionpack (4.2.1) lib/action_dispatch/middleware/flash.rb:260:in `call'
  rack (1.6.1) lib/rack/session/abstract/id.rb:225:in `context'
  rack (1.6.1) lib/rack/session/abstract/id.rb:220:in `call'
  actionpack (4.2.1) lib/action_dispatch/middleware/cookies.rb:560:in `call'
  activerecord (4.2.1) lib/active_record/query_cache.rb:36:in `call'
  activerecord (4.2.1) lib/active_record/connection_adapters/abstract/connection_pool.rb:649:in `call'
  actionpack (4.2.1) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
  activesupport (4.2.1) lib/active_support/callbacks.rb:88:in `call'
  activesupport (4.2.1) lib/active_support/callbacks.rb:88:in `_run_callbacks'
  activesupport (4.2.1) lib/active_support/callbacks.rb:776:in `_run_call_callbacks'
  activesupport (4.2.1) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (4.2.1) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (4.2.1) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
  actionpack (4.2.1) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
  actionpack (4.2.1) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
  railties (4.2.1) lib/rails/rack/logger.rb:38:in `call_app'
  railties (4.2.1) lib/rails/rack/logger.rb:20:in `block in call'
  activesupport (4.2.1) lib/active_support/tagged_logging.rb:68:in `block in tagged'
  activesupport (4.2.1) lib/active_support/tagged_logging.rb:26:in `tagged'
  activesupport (4.2.1) lib/active_support/tagged_logging.rb:68:in `tagged'
  railties (4.2.1) lib/rails/rack/logger.rb:20:in `call'
  actionpack (4.2.1) lib/action_dispatch/middleware/request_id.rb:21:in `call'
  rack (1.6.1) lib/rack/methodoverride.rb:22:in `call'
  rack (1.6.1) lib/rack/runtime.rb:18:in `call'
  activesupport (4.2.1) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
  rack (1.6.1) lib/rack/sendfile.rb:113:in `call'
  railties (4.2.1) lib/rails/engine.rb:518:in `call'
  railties (4.2.1) lib/rails/application.rb:164:in `call'
  passenger (5.0.0.beta2) lib/phusion_passenger/rack/thread_handler_extension.rb:85:in `process_request'
  passenger (5.0.0.beta2) lib/phusion_passenger/request_handler/thread_handler.rb:156:in `accept_and_process_next_request'
  passenger (5.0.0.beta2) lib/phusion_passenger/request_handler/thread_handler.rb:111:in `main_loop'
  passenger (5.0.0.beta2) lib/phusion_passenger/request_handler.rb:420:in `block (3 levels) in start_threads'

This is my nginx default server:

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    index index.php index.html index.htm;

    server_name 123.123.123.123;

    location / {
        try_files $uri $uri/ =404;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 4k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_read_timeout 240;
    }
}

server {
    listen 8080;

    root /usr/share/nginx/html/Logvs/public;
    server_name 123.123.123.123:8080;
    passenger_enabled on;
    passenger_app_env production;
}

The second one is the one I want to access (port 8080). Any ideas? None of the other SO answers worked.

Thanks to https://www.digitalocean.com/community/tutorials/how-to-install-rails-and-nginx-with-passenger-on-ubuntu I completely reinstalled everything, because it seemed that something was completely wrong!
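
For readers trying to interpret the `Can't verify CSRF token authenticity` line in the log above, here is an added example (not part of the original post and not Rails' own code): a simplified re-implementation of the masked-token check that Rails 4.2 performs, with hypothetical function names. It shows that the token logged on this page has the expected shape, and that the check fails whenever the session seen by the POST does not hold the token the form was rendered from.

```ruby
require 'securerandom'
require 'base64'

TOKEN_LEN = 32 # bytes in the per-session token (Rails 4.2 uses 32)
# Token copied from the production.log line on this page.
LOGGED_TOKEN = 'B0NhIjKBWKJ3Rwjbenwc5jIQ9rAA8w/dLD4bAiBcy4w0/TV6W8PUzKGCHIfg4PY4J2eHhTMfzFYnYpYcSxFXGA=='

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# Constant-time comparison so the check leaks no timing information.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Form side: hide the session's token behind a fresh one-time pad.
def mask_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(TOKEN_LEN)
  real = Base64.strict_decode64(session[:_csrf_token])
  pad = SecureRandom.random_bytes(TOKEN_LEN)
  Base64.strict_encode64(pad + xor_bytes(pad, real))
end

# True when the value decodes to pad + masked token (2 * TOKEN_LEN bytes).
def masked_token_shape?(submitted)
  Base64.strict_decode64(submitted.to_s).bytesize == 2 * TOKEN_LEN
rescue ArgumentError
  false
end

# POST side: unmask the submitted value and compare with the session's copy.
def valid_token?(session, submitted)
  return false unless session[:_csrf_token] && masked_token_shape?(submitted)
  raw = Base64.strict_decode64(submitted)
  real = xor_bytes(raw[0, TOKEN_LEN], raw[TOKEN_LEN, TOKEN_LEN])
  secure_compare(real, Base64.strict_decode64(session[:_csrf_token]))
end

# GET renders the form; the POST sees the same session only if the
# browser sent the session cookie back to the same app with the same secret.
def login_attempt(cookie_returned:)
  get_session = {}
  form_token = mask_token(get_session)
  post_session = cookie_returned ? get_session : {}
  valid_token?(post_session, form_token)
end
```

`login_attempt(cookie_returned: false)` reproduces the 422 path: a well-formed token arrives, but the session has nothing matching to compare it with.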