Omniauth-恒等InvalidAuthenticityToken

Question

我学习了这个关于如何实现Omniauth的栏杆教程，但是遇到了一个障碍。

当我试图注册用户时，会弹出以下错误

ActionController::InvalidAuthenticityToken in SessionsController#create 

在控制台日志中，弹出以下错误

Processing by SessionsController#create as HTML
  Parameters: {"name"=>"asdasd asdasd", "email"=>"asd@yopmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "provider"=>"identity"}
Can't verify CSRF token authenticity

用户被插入标识模型中没有问题，但是当应用程序试图创建会话时，这一切都是徒劳的。

下面是我使用的相关代码

Gemfile

OpenID认证

gem 'bcrypt-ruby', '~> 3.1.2'

gem 'omniauth-facebook'
gem 'omniauth-twitter'
gem 'omniauth-google-oauth2'
gem 'omniauth-identity'

initializers/omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_SECRET']
    provider :twitter, ENV['TWITTER_KEY'], ENV['TWITTER_SECRET']
    provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET']
    provider :identity
end

路由

  get 'auth/:provider/callback', to: 'sessions#create'
  post 'auth/:provider/callback', to: 'sessions#create'
  get 'auth/failure', to: redirect('/')
  get 'signout', to: 'sessions#destroy', as: 'signout'

SessionsController

def create
    user = User.from_omniauth(env['omniauth.auth'])
    session[:user_id] = user.id
    redirect_to root_url, notice: "Signed In!"
end

用户建模

def self.from_omniauth(auth)
    find_by_provider_and_uid(auth["provider"], auth["uid"]) || create_with_omniauth(auth)
end

Answer 1

当Rails检查CSRF令牌时引发的错误CSRF，您可以通过跳过验证skip_before_action来禁用控制器上的CSRF保护，将其添加到SessionsController的顶部。

skip_before_action :verify_authenticity_token, only: :create

，但您必须小心，并阅读有关 CSRF 保护的所有内容.