Devise in production: CSRF and custom fields
POST error: can't verify csrf token authenticity
https://github.com/heartcombo/devise/issues/2734#issuecomment-275943762
can't verify csrf token authenticity
I have this problem (with Rails 5 and nginx) but proxy_set_header X-Forwarded-Ssl on; is a partial solution at least when I am using Facebook OAuth login with Omniauth (and devise) with error like: Can't verify CSRF token authenticity.
The solution is to use proxy_set_header X-Forwarded-Proto $scheme; instead of proxy_set_header X-Forwarded-Ssl on;
Add one line to the Nginx configuration:
proxy_set_header X-Forwarded-Proto $scheme;
What is $scheme in nginx?
The server_name directive matches request URLs that have domain name www.old-name.com.
The rewritten URL uses two NGINX variables to capture and replicate values from the original request URL:
$scheme is the protocol (http or https) and $request_uri is the full URI including arguments.
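Why the forwarded scheme matters for the CSRF check, as an added example (not code from this post, Rails or Rack): a simplified Ruby model of the Origin-versus-base-URL comparison in Rails' forgery protection. The hostname and env hash are constructed, and the model looks only at X-Forwarded-Proto.

```ruby
# Added example: simplified model, not Rails or Rack source code.
# It considers only X-Forwarded-Proto, the header the nginx line above sets.

# Scheme the app believes the browser used. Behind a TLS-terminating proxy
# the app server's own hop is plain HTTP, so rack.url_scheme alone says "http".
def effective_scheme(env)
  forwarded = env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").first.to_s.strip
  %w[http https].include?(forwarded) ? forwarded : env["rack.url_scheme"]
end

def base_url(env)
  "#{effective_scheme(env)}://#{env['HTTP_HOST']}"
end

# Origin check: a missing Origin header is accepted, otherwise it must equal
# the base URL the app computed for itself.
def origin_matches?(env)
  origin = env["HTTP_ORIGIN"]
  origin.nil? || origin == base_url(env)
end

# Constructed sample request: the browser POSTs the sign-in form over HTTPS,
# nginx terminates TLS and proxies to the app over plain HTTP.
BROWSER_POST = {
  "REQUEST_METHOD"  => "POST",
  "HTTP_HOST"       => "app.example.test",
  "HTTP_ORIGIN"     => "https://app.example.test",
  "rack.url_scheme" => "http"
}.freeze

# Same request as the app sees it once nginx adds X-Forwarded-Proto.
def with_forwarded_proto(env, scheme)
  env.merge("HTTP_X_FORWARDED_PROTO" => scheme)
end

def report(label, env)
  verdict = origin_matches?(env) ? "accepted" : "rejected (origin mismatch)"
  "#{label}: base_url=#{base_url(env)} origin=#{env['HTTP_ORIGIN']} -> #{verdict}"
end

if __FILE__ == $PROGRAM_NAME
  puts report("no X-Forwarded-Proto", BROWSER_POST)
  puts report("X-Forwarded-Proto: https", with_forwarded_proto(BROWSER_POST, "https"))
end
```

proxy_set_header replaces any X-Forwarded-Proto value the client sent, so the app sees only the scheme nginx itself observed on the connection.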
Adding custom fields to Devise
add_column :users, :name, :string
1. Update the sign-up form
app/views/devise/registrations/new.html.erb
<div class="field">
  <%= f.label :name %><br />
  <%# the field must use the new :name column, matching the label %>
  <%= f.text_field :name, autofocus: true %>
</div>
2. Update the edit profile form
app/views/devise/registrations/edit.html.erb
<h2>Edit <%= resource_name.to_s.humanize %></h2>
<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
  <%= devise_error_messages! %>
  <div class="field">
    <%= f.label :name %><br />
    <%= f.text_field :name, autofocus: true %>
  </div>
  <div class="field">
    <%= f.label :email %><br />
    <%= f.email_field :email, autofocus: true %>
  </div>
  <%# the remaining generated Devise fields (passwords, submit) stay unchanged %>
<% end %>
3. Override the Devise controller
3.1 For security reasons, first update the parameters that are allowed to be submitted
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  # Allowlist the new :name column; attributes not listed here are dropped
  # by Devise's parameter sanitizer before the record is saved.
  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: [:name, :email, :password])
    devise_parameter_sanitizer.permit(:account_update, keys: [:name, :email, :password, :current_password])
  end
end
https://www.bogotobogo.com/RubyOnRails/RubyOnRails_Devise_Adding_User_Field_and_Customization_Update_Saved.php