What kind of attack causes the ActionController::InvalidAuthenticityToken error?


An ActionController::InvalidAuthenticityToken occurred in download#show:

The browser returned a 'null' origin for a request with origin-based forgery protection turned on.

This usually means you have the 'no-referrer' Referrer-Policy header enabled, or that the request came from a site that
refused to give its origin.
This makes it impossible for Rails to verify the source of the requests. Likely the best solution is to change your referrer policy to something less strict like same-origin or strict-same-origin.
If you cannot change the referrer policy, you can disable origin checking with the Rails.application.config.action_controller.forgery_protection_origin_check setting.

 


-------------------------------
Request:
-------------------------------

  * URL        : https://tbm.com/download/5e12263e1051526ac92f5975
  * HTTP Method: POST
  * IP address : 117.136.34.87
  * Parameters : {"dp"=>"416", "controller"=>"download", "action"=>"show", "id"=>"5e12263e1051526ac92f5975"}
  * Timestamp  : 2021-06-08 02:57:40 +0800
  * Server : test4
    * Rails root : /data/www/。。。。
  * Process: 5787
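
The origin check that the message above describes, as an added example that is not part of the original post and not Rails' own code: a simplified model of how the `Origin` header is evaluated when `forgery_protection_origin_check` is on, plus a small triage over request records. The names `classify_origin`, `triage` and `app.example`, and the sample requests, are assumptions made for illustration.

```ruby
# Added example: a simplified model of the origin check, not Rails' own code.
# classify_origin, triage and app.example are hypothetical names.

# origin:   raw Origin request header, nil when the browser sent none
# base_url: scheme://host[:port] the application is served from
def classify_origin(origin, base_url, origin_check: true)
  return :check_disabled unless origin_check   # forgery_protection_origin_check = false
  return :origin_absent  if origin.nil?        # accepted: some user agents omit the header
  return :null_origin    if origin == "null"   # the case reported in the message above
  origin == base_url ? :same_origin : :cross_origin
end

# What each outcome means for a non-GET request.
OUTCOME = {
  check_disabled: "origin not checked; authenticity token still verified",
  origin_absent:  "origin accepted; authenticity token still verified",
  same_origin:    "origin accepted; authenticity token still verified",
  null_origin:    "InvalidAuthenticityToken raised with the 'null' origin message",
  cross_origin:   "request fails verification",
}.freeze

# Group requests by outcome and client IP so one noisy source stands out
# from a site-wide Referrer-Policy problem.
def triage(requests, base_url)
  requests.each_with_object(Hash.new { |h, k| h[k] = Hash.new(0) }) do |r, acc|
    acc[classify_origin(r[:origin], base_url)][r[:ip]] += 1
  end
end

# Constructed sample requests (documentation IP ranges), not taken from the page.
SAMPLE_REQUESTS = [
  { ip: "192.0.2.10",   origin: "https://app.example" },
  { ip: "192.0.2.11",   origin: nil },
  { ip: "198.51.100.7", origin: "null" },
  { ip: "198.51.100.7", origin: "null" },
  { ip: "203.0.113.5",  origin: "https://other.example" },
].freeze

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE_REQUESTS, "https://app.example").each do |outcome, ips|
    puts "#{outcome}: #{ips} -> #{OUTCOME[outcome]}"
  end
end
```

If the `null_origin` bucket spans many unrelated clients, the site's own Referrer-Policy is the likelier cause; if it is concentrated on a few addresses, the requests are probably coming from a context that withholds its origin.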