Ruby on Rails - CSRF token authenticity for sub controller
I am getting a CSRF warning (resetting session) in my Rails app whenever I post to api_controller.rb.
My app runs in an iframe in PhoneGap on Windows Phone 8. In application_controller, I have a P3P header to solve the problem. It doesn't seem to work in this case. P3P not there...? Has anyone encountered this?
    class ApplicationController < ActionController::Base
      protect_from_forgery
      before_filter :header_fix

      protected

      # Sets the P3P compact-policy header on every response.
      def header_fix
        headers['P3P'] = 'CP="ALL DSP COR CURa ADMa DEVa OUR IND COM NAV"'
      end
    end

    class Api::ApiController < ApplicationController
      before_filter :login_required
      skip_before_filter :detect_device
      skip_before_filter :detect_browser
      skip_before_filter :record_log
      skip_before_filter :assign_packages
      skip_before_filter :assign_daily_bonus
    end

    [2646 - 2013/04/05 13:04:23] (info) started post "/api/chests" 60.50.19.249 @ 2013-04-05 13:04:23 +0800
    [2646 - 2013/04/05 13:04:23] (info) processing api::chestscontroller#create */*
    [2646 - 2013/04/05 13:04:23] (info) parameters: {"force_new"=>"true"}
    [2646 - 2013/04/05 13:04:23] (warn) warning: can't verify csrf token authenticity
    [2646 - 2013/04/05 13:04:23] (info) user agent: mozilla/5.0 (compatible; msie 10.0; windows phone 8.0; trident/6.0; iemobile/10.0; arm; touch; nokia; lumia 920)
    [2646 - 2013/04/05 13:04:23] (debug) user load (4.5ms) select `users`.* `users` `users`.`id` null limit 1
    [2646 - 2013/04/05 13:04:23] (debug) keypackage load (1.2ms) select `packages`.* `packages` `packages`.`type` in ('keypackage') order cost
    [2646 - 2013/04/05 13:04:23] (debug) cache (0.0ms) select `users`.* `users` `users`.`id` null limit 1
    [2646 - 2013/04/05 13:04:23] (debug) cache (0.0ms) select `users`.* `users` `users`.`id` null limit 1
    [2646 - 2013/04/05 13:04:23] (warn) lost session [60.50.19.249] (/api/chests) - mozilla/5.0 (compatible; msie 10.0; windows phone 8.0; trident/6.0; iemobile/10.0; arm; touch; nokia; lumia 920)
This gem works with Ruby on Rails (https://github.com/grosser/ie_iframe_cookies). It solves the problem.
Even though the P3P header is valid and the user can log in, I'm not sure why IE10 does this.
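
An added example, not part of the original question or answer: a Ruby script that groups log lines in the layout shown in the question into requests and counts CSRF verification failures per user agent, which shows whether the warnings cluster on one client such as IE10. The lines in SAMPLE_LOG are constructed, and the names parse_requests and csrf_failures_by_agent are hypothetical.

```ruby
# Added example. The "[pid - time] (level) message" layout follows the log in
# the question; SAMPLE_LOG is constructed and the helper names are hypothetical.
SAMPLE_LOG = <<~LOG
  [101 - 2013/04/05 13:04:23] (info) started post "/api/chests" 203.0.113.7 @ 2013-04-05 13:04:23 +0800
  [101 - 2013/04/05 13:04:23] (warn) warning: can't verify csrf token authenticity
  [101 - 2013/04/05 13:04:23] (info) user agent: mozilla/5.0 (compatible; msie 10.0; windows phone 8.0)
  [102 - 2013/04/05 13:04:24] (info) started post "/api/chests" 203.0.113.9 @ 2013-04-05 13:04:24 +0800
  [102 - 2013/04/05 13:04:24] (info) user agent: mozilla/5.0 (linux; android 4.1) applewebkit/537
  [101 - 2013/04/05 13:04:25] (info) started get "/api/chests" 203.0.113.7 @ 2013-04-05 13:04:25 +0800
  [103 - 2013/04/05 13:04:26] (info) started post "/api/keys" 203.0.113.7 @ 2013-04-05 13:04:26 +0800
  [103 - 2013/04/05 13:04:26] (warn) warning: can't verify csrf token authenticity
  [103 - 2013/04/05 13:04:26] (info) user agent: mozilla/5.0 (compatible; msie 10.0; windows phone 8.0)
LOG
LINE    = /\A\[(\d+) - [^\]]+\] \((\w+)\) (.*)\z/
STARTED = /\Astarted (\w+) "([^"]+)" (\S+)/i
CSRF    = /can't verify csrf token authenticity/i
AGENT   = /\Auser agent: (.*)\z/i

# Returns one hash per request. A line belongs to the request most recently
# started by the same worker pid, so interleaved workers stay separate.
def parse_requests(log)
  open_by_pid = {}
  requests = []
  log.each_line(chomp: true) do |raw|
    pid, _level, msg = raw.match(LINE)&.captures
    next unless pid
    if (m = msg.match(STARTED))
      req = { verb: m[1].upcase, path: m[2], ip: m[3], agent: nil, csrf_failed: false }
      requests << (open_by_pid[pid] = req)
    elsif (req = open_by_pid[pid])
      req[:csrf_failed] = true if msg.match?(CSRF)
      req[:agent] = msg[AGENT, 1] if msg.match?(AGENT)
    end
  end
  requests
end

# Failure count and failure rate of non-GET requests, keyed by user agent.
def csrf_failures_by_agent(requests)
  posts = requests.reject { |r| r[:verb] == "GET" }
  posts.group_by { |r| r[:agent] }.transform_values do |rs|
    failed = rs.count { |r| r[:csrf_failed] }
    { failed: failed, total: rs.size, rate: failed.fdiv(rs.size) }
  end
end

csrf_failures_by_agent(parse_requests(SAMPLE_LOG)).each do |agent, s|
  puts format("%d/%d failed (%.0f%%)  %s", s[:failed], s[:total], s[:rate] * 100, agent)
end
```

A failure rate near 100% for a single user agent and near 0% for the others points to a client that is not sending the session cookie back, not to forged requests.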