Rails 简单形式给出 InvalidAuthenticityToken 错误答案

【问题标题】：Rails simple form gives InvalidAuthenticityToken errorRails 简单形式给出 InvalidAuthenticityToken 错误
【发布时间】：2009-09-05 18:40:43
【问题描述】：

我有一个这样的简单表格：

<form name="serachForm" method="post" action="/home/search">   
  <input type="text" name="searchText" size="15" value="">
  <input class="image" name="searchsubmit" value="Busca" src="/images/btn_go_search.gif" align="top" border="0" height="17" type="image" width="29">
</form>

还有一个使用这种方法的控制器：

  def busca
    puts params[:searchText]
  end

当我单击表单中的图像按钮时，我得到一个 ActionController::InvalidAuthenticityToken。这是完整的 StackTrace：

/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/request_forgery_protection.rb:86:in verify_authenticity_token' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:in发送' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:178:in evaluate_method' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/callbacks.rb:166:incall' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:225:in call' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:629:inrun_before_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:615:in call_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:610:inperform_action_without_benchmark' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/benchmarking.rb:68:in perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/benchmarking.rb:68:inperform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/rescue.rb:136:in perform_action_without_caching' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/caching/sql_cache.rb:13:inperform_action' /Library/Ruby/Gems/1.8/gems/activerecord-2.2.2/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in cache' /Library/Ruby/Gems/1.8/gems/activerecord-2.2.2/lib/active_record/query_cache.rb:8:incache' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/caching/sql_cache.rb:12:in perform_action' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:524:insend' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:524:in process_without_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/filters.rb:606:inprocess_without_session_management_support' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/session_management.rb:134:in process' /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/base.rb:392:inprocess' /Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/webrick_server.rb:74:in service' /Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/commands/servers/webrick.rb:66 /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:inrequire' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:521:in new_constants_in' /Library/Ruby/Gems/1.8/gems/activesupport-2.2.2/lib/active_support/dependencies.rb:153:inrequire' /Library/Ruby/Gems/1.8/gems/rails-2.2.2/lib/commands/server.rb:49

发生了什么？

【问题讨论】：

标签： ruby-on-rails forms token

【解决方案1】：

按照 Nat 的思路，添加

<%= token_tag %>

就在 HTML“表单”标签工作之后

【讨论】：

谢谢！这应该添加到接受的答案中。
应该使用

【解决方案2】：

默认情况下，所有非 GET 操作都需要将真实性令牌与请求一起传递。 Rails 使用真实性令牌来避免 CSRF 攻击。

确保它始终存在的最简单方法是使用 form_tag 帮助程序，而不是手动编写 HTML。

<% form_tag "/home/search", :name => "searchForm" do %>
  fields here
<% end %>

【讨论】：

【解决方案3】：

如果您不使用帮助器来生成表单标签，这就是您使用真实性令牌手动生成隐藏字段的方式：

<input type="hidden" 
       value="<%= form_authenticity_token() %>" 
       name="authenticity_token"/>

【讨论】：

【解决方案4】：

使用上面其他人建议的表单助手将起作用。

由于这是一个搜索表单，因此该方法实际上应该是“get”。通常，除非数据库中的某些内容要更改，否则您应该使用“get”。

对搜索表单使用 method='get' 对书签/后退按钮也更友好。

【讨论】：