Devise in production: CSRF and custom fields
POST error: can't verify CSRF token authenticity
https://github.com/heartcombo/devise/issues/2734#issuecomment-275943762
can't verify csrf token authenticity
I have this problem (with Rails 5 and nginx) but proxy_set_header X-Forwarded-Ssl on; is a partial solution at least when I am using facebook OAuth login with Omniauth (and devise) with error like: Can't verify CSRF token authenticity.
The solution is to use proxy_set_header X-Forwarded-Proto $scheme; instead of proxy_set_header X-Forwarded-Ssl on;
Add one line to the nginx configuration:
proxy_set_header X-Forwarded-Proto $scheme;
What is $scheme in nginx?
The server_name directive matches request URLs that have domain name www.old-name.com.
The rewritten URL uses two NGINX variables to capture and replicate values from the original request URL:
$scheme is the protocol (http or https) and $request_uri is the full URI including arguments.
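The reason the missing header matters: behind a TLS-terminating proxy the app only sees a plain-http connection, so unless the proxy forwards the original scheme the app believes its own base URL is http://host while the browser's Origin header says https://host, and the Rails 5 forgery-protection origin check rejects the POST. The following plain-Ruby model is an added example (not code from the original post, Rails or Devise, and it carries no Rails dependency); the helper names, the simplified origin comparison and the sample request headers are constructed for illustration.

```ruby
# Added example: models how a Rails app behind a reverse proxy decides the
# request scheme, and why the Rails 5 forgery-protection origin check then
# fails without X-Forwarded-Proto. Helper names and sample headers are
# constructed; this is a simplification, not Rails' or Rack's own code.

# Scheme the app will believe, derived from what the proxy forwarded.
# Assumption: the app honours X-Forwarded-Proto (as Rack does) and otherwise
# falls back to the scheme of its own listening socket, plain http here.
def effective_scheme(headers)
  forwarded = headers['X-Forwarded-Proto']
  return forwarded.downcase if forwarded && %w[http https].include?(forwarded.downcase)
  'http'
end

# What request.base_url would evaluate to in the app.
def base_url(headers)
  "#{effective_scheme(headers)}://#{headers['Host']}"
end

# Simplified origin check: when the browser sends an Origin header it must
# equal the app's own base URL; otherwise the POST is rejected and Rails logs
# "Can't verify CSRF token authenticity".
def origin_check_passes?(headers)
  origin = headers['Origin']
  origin.nil? || origin == base_url(headers)
end

# Constructed sample: an HTTPS POST from the browser (for example the OmniAuth
# callback form) as the app sees it after nginx terminated TLS and proxied
# the request over http.
BROWSER_POST = { 'Host' => 'app.example.com', 'Origin' => 'https://app.example.com' }.freeze

# Case 1: nginx forwards nothing about the scheme, so the app assumes http.
def without_forwarded_proto
  origin_check_passes?(BROWSER_POST)
end

# Case 2: nginx adds "proxy_set_header X-Forwarded-Proto $scheme;".
def with_forwarded_proto
  origin_check_passes?(BROWSER_POST.merge('X-Forwarded-Proto' => 'https'))
end

if __FILE__ == $PROGRAM_NAME
  puts "without X-Forwarded-Proto: #{without_forwarded_proto ? 'pass' : 'REJECTED'}"
  puts "with    X-Forwarded-Proto: #{with_forwarded_proto ? 'pass' : 'REJECTED'}"
end
```

Because `proxy_set_header` replaces any value a client may have sent for that header, the app can only trust X-Forwarded-Proto when every request reaches it through the proxy; an app port reachable directly would let a client supply the header itself.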
Adding custom fields to Devise
add_column :users, :name, :string
1. Update the sign-up form
app/views/devise/registrations/new.html.erb
<div class="field">
  <%= f.label :name %><br />
  <%= f.text_field :name, autofocus: true %>
</div>
2. Update the edit profile form
app/views/devise/registrations/edit.html.erb
<h2>Edit <%= resource_name.to_s.humanize %></h2>

<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
  <%= devise_error_messages! %>

  <div class="field">
    <%= f.label :name %><br />
    <%= f.text_field :name, autofocus: true %>
  </div>

  <div class="field">
    <%= f.label :email %><br />
    <%= f.email_field :email %>
  </div>

  <%# the password / current_password fields from Devise's generated template follow unchanged %>
  <%= f.submit "Update" %>
<% end %>
3. Override the Devise controller
3.1 For security reasons (strong parameters), first update the parameters that may be submitted
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  # Strong parameters: only these keys may reach the User model from the
  # sign-up and account-update forms, so the new :name column must be listed.
  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:name, :email, :password])
    devise_parameter_sanitizer.permit(:account_update, keys: [:name, :email, :password, :current_password])
  end
end
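What step 3.1 buys you is mass-assignment protection: a form field that is not permitted never reaches the model, whether it was left out by mistake or added deliberately. The following plain-Ruby model of the sanitizer is an added example, not code from the original post or from Devise (whose real sanitizer is built on ActionController::Parameters); the class name, the simplified default key list and the sample request parameters are constructed for illustration.

```ruby
# Added example: a plain-Ruby model of what
# devise_parameter_sanitizer.permit(:sign_up, keys: [...]) achieves.
# Only whitelisted keys reach the model; everything else is dropped.
# Class name, defaults and sample params are constructed, not Devise's code.

require 'set'

# Keys permitted out of the box per action (simplified; Devise's real defaults
# include a few more, such as remember_me and reset_password_token).
DEFAULT_KEYS = {
  sign_up:        %i[email password password_confirmation],
  account_update: %i[email password password_confirmation current_password]
}.freeze

class ParameterSanitizer
  def initialize
    @permitted = Hash.new { |h, action| h[action] = Set.new(DEFAULT_KEYS.fetch(action, [])) }
  end

  # Mirrors devise_parameter_sanitizer.permit(action, keys: [...]).
  def permit(action, keys:)
    @permitted[action].merge(keys.map(&:to_sym))
    self
  end

  # Returns only the permitted keys of the submitted user hash.
  # Unpermitted keys are silently dropped, which is what keeps a column such
  # as admin out of reach of the sign-up form.
  def sanitize(action, params)
    user = params.fetch(:user, {})
    allowed = @permitted[action]
    user.each_with_object({}) do |(key, value), clean|
      clean[key.to_sym] = value if allowed.include?(key.to_sym)
    end
  end
end

# Configured the way ApplicationController#configure_permitted_parameters does it.
def configured_sanitizer
  ParameterSanitizer.new
    .permit(:sign_up, keys: [:name])
    .permit(:account_update, keys: [:name])
end

# Constructed sign-up request: the extra admin field stands in for any column
# the form was never meant to set.
SIGN_UP_PARAMS = {
  user: {
    'name' => 'Alice',
    'email' => 'alice@example.com',
    'password' => 'hunter22',
    'admin' => 'true'
  }
}.freeze

# With :name permitted: name survives, admin is dropped.
def sanitized_sign_up
  configured_sanitizer.sanitize(:sign_up, SIGN_UP_PARAMS)
end

# Without step 3.1: even the legitimate name field is dropped, which is the
# usual symptom of forgetting to permit a new column (the field saves as nil).
def unconfigured_sign_up
  ParameterSanitizer.new.sanitize(:sign_up, SIGN_UP_PARAMS)
end

if __FILE__ == $PROGRAM_NAME
  p sanitized_sign_up
  p unconfigured_sign_up
end
```

In a real app the dropped keys show up as "Unpermitted parameter" lines in the Rails log, which is the first thing to check when a new Devise field refuses to save.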
https://www.bogotobogo.com/RubyOnRails/RubyOnRails_Devise_Adding_User_Field_and_Customization_Update_Saved.php