gpt4 book ai didi

ruby-on-rails - rails : Completed 401 Unauthorized

转载 作者:行者123 更新时间:2023-12-03 20:17:26 26 4
gpt4 key购买 nike

我收到此错误,但我不知道为什么。我特别排除了 CSRF 检查。 #webhook方法有效,即使在生产中也是如此。其他类似的问题是关于设计的,但我没有在这个 Controller 中使用设计。stripes_controller.rb

class StripesController < ApplicationController
Stripe.api_key = ENV['STRIPE_PRIVATE']
protect_from_forgery :except => [:webhook, :create]

def show
end

def create
# Amount in cents
@amount = params[:amount]

customer = Stripe::Customer.create(
:email => params[:stripeEmail],
:source => params[:stripeToken]
)

charge = Stripe::Charge.create(
:customer => customer.id,
:amount => @amount,
:description => 'Membership Fee',
:currency => 'usd'
)

render :show
rescue Stripe::CardError => e
flash[:error] = e.message
redirect_to stripe_path
end
routes.rb
resource :stripe do
Log
Started POST "/stripe/" for 127.0.0.1 at 2018-01-03 11:58:17 -0500
Processing by StripesController#create as HTML
Parameters: {"amount"=>"100", "stripeToken"=>"tok_1BgFZ2IYOmXNPhc121HxNtw0", "stripeEmail"=>"test@example.com"}
Rendering stripes/show.haml within layouts/application
Rendered stripes/show.haml within layouts/application (2.0ms)
User Load (3.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 1], ["LIMIT", 1]]
(2.0ms) BEGIN
(1.0ms) COMMIT
Completed 401 Unauthorized in 3533ms (ActiveRecord: 6.0ms)


Started GET "/" for 127.0.0.1 at 2018-01-03 11:58:21 -0500
Rails 默认位于 :debug日志级别。 http://guides.rubyonrails.org/v5.0/debugging_rails_applications.html#log-levels
我能够通过设置重现它 devise.rb
config.timeout_in = 1.minute # 8.hours
如果我已登录并处于事件状态,它可以正常工作,但是如果 session 超时,则会导致此 401 问题。
这是来自浏览器的请求/响应。它显示成功和 302 响应,而不是 401。不过它在服务器控制台日志中显示 401。
POST /stripe/ HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Content-Length: 82
Cache-Control: max-age=0
Origin: http://localhost:3000
Content-Type: application/x-www-form-urlencoded
...

HTTP/1.1 302 Found
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: http://localhost:3000/
Content-Type: text/html; charset=utf-8
浏览器网络日志中没有一个 401 响应,即使按状态排序,即使使用 Preserver Log。
rails 5.0.2

最佳答案

HTTP 代码 401 Unauthorized 用于身份验证 ( https://httpstatuses.com/401 )。它与 CSRF 无关。在这种情况下,它会引发 ActionController::InvalidAuthenticityToken。

我很确定您的 ApplicationController 中有一个 before_action 需要用户身份验证(或在 routes.rb 中,或在 nginx/Apache 的配置中)。

关于ruby-on-rails - rails : Completed 401 Unauthorized,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48082887/

26 4 0