Rails CSRF token authenticity on Incoming external POST Requests

2018-06-29 01:32:11

My rails application subscribes to an external system POST notifications (named Orion context broker). I manage sending json data & process response (ruby->Orion).

But when a notification request comes in I get the InvalidAuthenticityToken Error Can't verify CSRF token authenticity WARNING .

I, [2015-12-03T16:56:53.215991 #22189]  INFO -- : Started POST "/machine/listen" for 127.0.0.1 at 2015-12-03 16:56:53 +0000
I, [2015-12-03T16:56:53.221524 #22189]  INFO -- : Processing by MachineController#listen as XML
I, [2015-12-03T16:56:53.221762 #22189]  INFO -- :   Parameters: {"subscriptionId"=>"5660745482ef938cd5055ae3", "originator"=>"localhost", "contextResponses"=>[{"contextElement"=>{"type"=>"Printer", "isPattern"=>"false", "id"=>"UM1", "attributes"=>[{"name"=>"temperature", "type"=>"float", "value"=>"110"}]}, "statusCode"=>{"code"=>"200", "reasonPhrase"=>"OK"}}], "machine"=>{"subscriptionId"=>"5660745482ef938cd5055ae3", "originator"=>"localhost", "contextResponses"=>[{"contextElement"=>{"type"=>"Printer", "isPattern"=>"false", "id"=>"UM1", "attributes"=>[{"name"=>"temperature", "type"=>"float", "value"=>"110"}]}, "statusCode"=>{"code"=>"200", "reasonPhrase"=>"OK"}}]}}
W, [2015-12-03T16:56:53.223637 #22189]  WARN -- : Can't verify CSRF token authenticity
I, [2015-12-03T16:56:53.224191 #22189]  INFO -- : Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
F, [2015-12-03T16:56:53.225189 #22189] FATAL -- : 
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

I understand that the message that is sent back (Orion->ruby) does not contain the proper Security Token.

Maybe I could disable protect_from_forgery but definitly looking for one way to manage authentification between those different services.

Thanks

It's ok to disable CSRF protection if you know what are you doing! Just make sure you don't disable it for your whole website

Use something like skip_before_action :verify_authenticity_token in the controller that recives those post request.

链接地址: http://www.djcxy.com/p/81142.html

上一篇: Rails，无法验证CSRF令牌的真实性

下一篇: 在传入的外部POST请求上引导CSRF令牌的真实性