Rails ActionController::InvalidAuthenticityToken error on Heroku

4

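After my most recent deployment to Heroku, I ran into the following error: ActionController::InvalidAuthenticityToken.

The error usually occurs when logging in/out and when submitting forms, and the error message appears roughly 75% of the time.

This is probably related to the CSRF/authenticity tokens. In development, however, everything works fine with no problems.

<%= csrf_meta_tags %> and authenticity_tokens are included in the forms.

Why does this error suddenly appear?

Heroku logs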

 2014-03-22T12:19:27.996333+00:00 app[web.2]:   bin/rails:4:in `require'
2014-03-22T12:19:27.996335+00:00 app[web.2]:   bin/rails:4:in `<main>'
2014-03-22T12:19:27.996354+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/abstract_controller/ca
llbacks.rb:17:in `process_action'
2014-03-22T12:19:27.996360+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/noti
fications/instrumenter.rb:20:in `instrument'
2014-03-22T12:19:27.996368+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/abstract_controller/ba
se.rb:136:in `process'
2014-03-22T12:19:27.996336+00:00 app[web.2]:
2014-03-22T12:19:27.996362+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/noti
fications.rb:159:in `instrument'
2014-03-22T12:19:27.996378+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/routin
g/route_set.rb:80:in `call'
2014-03-22T12:19:27.996355+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_controller/meta
l/rescue.rb:29:in `process_action'
2014-03-22T12:19:27.996337+00:00 app[web.2]:
2014-03-22T12:19:27.996283+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/cach
e/strategy/local_cache.rb:83:in `call'
2014-03-22T12:19:27.996277+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/rack/logger.rb:20:
in `call'
2014-03-22T12:19:27.996341+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_controller/meta
l/request_forgery_protection.
rb:163:in `handle_unverified_request'
2014-03-22T12:19:27.996239+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/conditionalget.rb:35:in
 `call'
2014-03-22T12:19:27.996275+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/tagg
ed_logging.rb:67:in `tagged'
2014-03-22T12:19:27.996363+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_controller/meta
l/instrumentation.rb:30:in `process_action'
2014-03-22T12:19:27.996399+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middle
ware/cookies.rb:486:in `call'
2014-03-22T12:19:27.996338+00:00 app[web.2]:
2014-03-22T12:19:27.996357+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_controller/meta
l/instrumentation.rb:31:in `block in process_action'
2014-03-22T12:19:27.996384+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/journe
y/router.rb:59:in `call'
2014-03-22T12:19:27.996297+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/thin-1.6.2/lib/thin/connection.rb:84:in `pr
e_process'
2014-03-22T12:19:27.996344+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_controller/meta
l/request_forgery_protection.rb:170:in `handle_unverified_request'
2014-03-22T12:19:27.996251+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activerecord-4.0.3/lib/active_record/query_
cache.rb:36:in `call'
2014-03-22T12:19:27.996280+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/methodoverride.rb:21:in
 `call'
2014-03-22T12:19:27.996387+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/etag.rb:23:in `call'
2014-03-22T12:19:27.996340+00:00 app[web.2]: ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthen
ticityToken):
2014-03-22T12:19:27.996365+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_controller/meta
l/params_wrapper.rb:245:in `process_action'
2014-03-22T12:19:27.996358+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/noti
fications.rb:159:in `block in instrument'
2014-03-22T12:19:27.996400+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activerecord-4.0.3/lib/active_record/query_
cache.rb:36:in `call'
2014-03-22T12:19:27.996305+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/thin-1.6.2/lib/thin/backends/base.rb:73:in
`start'
2014-03-22T12:19:27.996294+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/thin-1.6.2/lib/thin/connection.rb:86:in `bl
ock in pre_process'
2014-03-22T12:19:27.996349+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_controller/meta
l/request_forgery_protection.rb:177:in `verify_authenticity_token'
2014-03-22T12:19:27.996268+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middle
ware/show_exceptions.rb:30:in `call'
2014-03-22T12:19:27.996292+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/content_length.rb:14:in
 `call'
2014-03-22T12:19:27.996403+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middle
ware/callbacks.rb:29:in `block in call'
2014-03-22T12:19:27.996410+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middle
ware/callbacks.rb:27:in `call'
2014-03-22T12:19:27.996411+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middle
ware/remote_ip.rb:76:in `call'
2014-03-22T12:19:27.996372+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/abstract_controller/re
ndering.rb:44:in `process'
2014-03-22T12:19:27.996376+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_controller/meta
l.rb:231:in `block in action'
2014-03-22T12:19:27.996418+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/tagg
ed_logging.rb:67:in `block in tagged'
2014-03-22T12:19:27.996422+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/rack/logger.rb:20:
in `call'
2014-03-22T12:19:27.996391+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middle
ware/params_parser.rb:27:in `call'
2014-03-22T12:19:27.996402+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activerecord-4.0.3/lib/active_record/connec
tion_adapters/abstract/connection_pool.rb:626:in `call'
2014-03-22T12:19:27.996423+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middle
ware/request_id.rb:21:in `call'
2014-03-22T12:19:27.996435+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/application.rb:97:
in `call'
2014-03-22T12:19:27.996432+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middle
ware/ssl.rb:24:in `call'
2014-03-22T12:19:27.996437+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/content_length.rb:14:in
 `call'
2014-03-22T12:19:27.996394+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/session/abstract/id.rb:
225:in `context'
2014-03-22T12:19:27.996412+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middle
ware/debug_exceptions.rb:17:in `call'
2014-03-22T12:19:27.996450+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/handler/thin.rb:16:in `
run'
2014-03-22T12:19:27.996445+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/eventmachine-1.0.3/lib/eventmachine.rb:187:
in `run_machine'
2014-03-22T12:19:27.996446+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/eventmachine-1.0.3/lib/eventmachine.rb:187:
in `run'
2014-03-22T12:19:27.996397+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/session/abstract/id.rb:
220:in `call'
2014-03-22T12:19:27.996449+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/thin-1.6.2/lib/thin/server.rb:162:in `start
'
2014-03-22T12:19:27.996453+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/commands/server.rb
:84:in `start'
2014-03-22T12:19:27.996463+00:00 app[web.2]:
2014-03-22T12:19:27.996452+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/server.rb:264:in `start
'
2014-03-22T12:19:27.996414+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middle
ware/show_exceptions.rb:30:in `call'
2014-03-22T12:19:27.996274+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/tagg
ed_logging.rb:25:in `tagged'
2014-03-22T12:19:27.996459+00:00 app[web.2]:   bin/rails:4:in `require'
2014-03-22T12:19:27.996457+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/commands.rb:71:in
`<top (required)>'
2014-03-22T12:19:27.996425+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/methodoverride.rb:21:in
 `call'
2014-03-22T12:19:27.996303+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/eventmachine-1.0.3/lib/eventmachine.rb:187:
in `run'
2014-03-22T12:19:27.996366+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activerecord-4.0.3/lib/active_record/railti
es/controller_runtime.rb:18:in `process_action'
2014-03-22T12:19:27.996375+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_controller/meta
l/rack_delegation.rb:13:in `dispatch'
2014-03-22T12:19:27.996351+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/call
backs.rb:377:in `_run__3606036784356827589__process_action__callbacks'
2014-03-22T12:19:27.996448+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/thin-1.6.2/lib/thin/backends/base.rb:73:in
`start'
2014-03-22T12:19:27.996290+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/application.rb:97:
in `call'
2014-03-22T12:19:27.996307+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/thin-1.6.2/lib/thin/server.rb:162:in `start
'
2014-03-22T12:19:27.996373+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_controller/meta
l.rb:195:in `dispatch'
2014-03-22T12:19:27.996382+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/journe
y/router.rb:71:in `block in call'
2014-03-22T12:19:27.996352+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/call
backs.rb:80:in `run_callbacks'
2014-03-22T12:19:27.996302+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/eventmachine-1.0.3/lib/eventmachine.rb:187:
in `run_machine'
2014-03-22T12:19:27.996308+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/handler/thin.rb:16:in `
run'
2014-03-22T12:19:27.996404+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/call
backs.rb:373:in `_run__2997722282201691042__call__callbacks'
2014-03-22T12:19:27.996419+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/tagg
ed_logging.rb:25:in `tagged'
2014-03-22T12:19:27.996381+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/routin
g/route_set.rb:48:in `call'
2014-03-22T12:19:27.996386+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/routin
g/route_set.rb:680:in `call'
2014-03-22T12:19:27.996434+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/engine.rb:511:in `
call'
2014-03-22T12:19:27.996444+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/thin-1.6.2/lib/thin/connection.rb:39:in `re
ceive_data'
2014-03-22T12:19:27.996379+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/routin
g/route_set.rb:80:in `dispatch'
2014-03-22T12:19:27.996405+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/call
backs.rb:80:in `run_callbacks'
2014-03-22T12:19:27.996383+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/journe
y/router.rb:59:in `each'
2014-03-22T12:19:27.996388+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/conditionalget.rb:35:in
 `call'
2014-03-22T12:19:27.996390+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/head.rb:11:in `call'
2014-03-22T12:19:27.996462+00:00 app[web.2]:
2014-03-22T12:19:27.996421+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/tagg
ed_logging.rb:67:in `tagged'
2014-03-22T12:19:27.996415+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/rack/logger.rb:38:
in `call_app'
2014-03-22T12:19:27.996417+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/rack/logger.rb:20:
in `block in call'
2014-03-22T12:19:27.996393+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middle
ware/flash.rb:241:in `call'
2014-03-22T12:19:27.996429+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/actionpack-4.0.3/lib/action_dispatch/middle
ware/static.rb:64:in `call'
2014-03-22T12:19:27.996431+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/sendfile.rb:112:in `cal
l'
2014-03-22T12:19:27.996442+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/thin-1.6.2/lib/thin/connection.rb:53:in `pr
ocess'
2014-03-22T12:19:27.996427+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/runtime.rb:17:in `call'

2014-03-22T12:19:27.996438+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/thin-1.6.2/lib/thin/connection.rb:86:in `bl
ock in pre_process'
2014-03-22T12:19:27.996454+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/commands.rb:76:in
`block in <top (required)>'
2014-03-22T12:19:27.996428+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/activesupport-4.0.3/lib/active_support/cach
e/strategy/local_cache.rb:83:in `call'
2014-03-22T12:19:27.996439+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/thin-1.6.2/lib/thin/connection.rb:84:in `ca
tch'
2014-03-22T12:19:27.996456+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/railties-4.0.3/lib/rails/commands.rb:71:in
`tap'
2014-03-22T12:19:27.996441+00:00 app[web.2]:   vendor/bundle/ruby/1.9.1/gems/thin-1.6.2/lib/thin/connection.rb:84:in `pr
e_process'
2014-03-22T12:19:27.996460+00:00 app[web.2]:   bin/rails:4:in `<main>'

Which version of Rails are you using? - CWitty
I'm using Rails 4.0.0. - Thomas Roest
3 Answers

1
The problem was solved by turning on Full SSL in Cloudflare.

Do you have any idea why this would help? - knagode
1
Because my cookies were set for a secure context, and over HTTP they were not being stored. - Dorian
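
The failure mode described in the comment above, as an added example that is not part of the original thread: when the session cookie is flagged Secure (the stack trace in the question includes `action_dispatch/middleware/ssl.rb`) and the browser reaches the app over plain HTTP, the cookie never comes back, so the token in the form belongs to a session the server cannot find. `ToyApp`, `ToyBrowser` and `login_result` are hypothetical names in a constructed model, not Rails code.

```ruby
require "securerandom"

# Constructed model, not Rails code: the server keeps the CSRF token in a
# session that is identified by a cookie flagged Secure.
class ToyApp
  def initialize
    @sessions = {} # session id => CSRF token
  end

  # GET: render a form. Returns [token embedded in the form, Set-Cookie data].
  def get_form(cookie)
    sid = cookie if @sessions.key?(cookie)
    sid ||= SecureRandom.hex(8)               # no known session: start a new one
    @sessions[sid] ||= SecureRandom.hex(16)
    [@sessions[sid], { value: sid, secure: true }]
  end

  # POST: accept only if the submitted token matches the session's token.
  def post_form(cookie, submitted_token)
    expected = @sessions[cookie]
    return :invalid_authenticity_token if expected.nil? || expected != submitted_token
    :ok
  end
end

# Constructed browser model: a Secure cookie is kept and sent only on https.
class ToyBrowser
  def initialize(scheme)
    @scheme = scheme
    @cookie = nil
  end

  def submit_form(app)
    token, set_cookie = app.get_form(@cookie)
    @cookie = set_cookie[:value] if !set_cookie[:secure] || @scheme == "https"
    app.post_form(@cookie, token)
  end
end

# Load the form and submit it over the given scheme; returns the app's verdict.
def login_result(scheme)
  ToyBrowser.new(scheme).submit_form(ToyApp.new)
end

puts "https: #{login_result('https')}"
puts "http:  #{login_result('http')}"
```
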

0

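It's hard to be sure without more information, but here is my guess: check your caching implementation.

If the pages where the error occurs are cached pages and your authenticity token has changed, they may carry an old authenticity token, cached along with the forms they submit, which obviously won't match the newer token.

That would explain why it works fine locally (there is probably no caching locally) and why it doesn't fail every time (if not every page is cached).

(Oh, an unrelated comment - please update your Rails version. There are some important security fixes in 4.0.3)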


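I haven't implemented anything related to caching yet, and I have also added the logs from Heroku. - Thomas Roest
Removing the line protect_from_forgery fixes the problem, but of course that is not a permanent solution. - Thomas Roest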

0

This seems to have solved the problem, although I'm not sure why.

protect_from_forgery with: :reset_session 
