Question
I've built a simple rails app and am deploying it to heroku. The app uses devise for authentication. Everything works fine in development and production environment, EXCEPT when one tries to log in via the Mobile Safari browser on iOS.
Heroku logs say the following:
2012-10-17T18:56:52+00:00 app[web.1]: Started POST "/users/sign_in" for 87.123.175.106 at 2012-10-17 20:56:52 +0200
2012-10-17T18:56:52+00:00 app[web.1]: Processing by Devise::SessionsController#create as HTML
2012-10-17T18:56:52+00:00 app[web.1]: Parameters: {"utf8"=>"✓", "authenticity_token"=>"SHHVgAxRFJ8VFu2cnbh/YGn6s6q0L9Mnp24x9Whu2mk=", "user"=>{"name"=>"test", "password"=>"[FILTERED]"}, "commit"=>"anmelden"}
2012-10-17T18:56:52+00:00 app[web.1]: WARNING: Can't verify CSRF token authenticity
2012-10-17T18:56:53+00:00 app[web.1]: Redirected to http://xxxxxxxx.herokuapp.com/
The problem doesn't occur with other iOS browsers such as Opera. I didn't do any custom stuff to devise (except for adding a user name), it is implemented pretty much out of the box.
I have read several posts where the issue with iOS and CSRF token is vaguely addressed, but I'm pretty new to rails and don't really know how to fix this. Can anyone help, please?
UPDATE:
As advised in this post, I commented out protect_from_forgery in application_controller.rb as well as the csrf_meta_tags in application.html.erb.
Also, I added :domain => :all to config/session_store.rb.
Nothing helped. Obviously, I don't get the Can't verify CSRF token authenticity error anymore, but the following logs:
2012-10-18T18:19:03+00:00 app[web.1]: Started POST "/users/sign_in" for 87.123.130.136 at 2012-10-18 20:19:03 +0200
2012-10-18T18:19:03+00:00 app[web.1]: Processing by Devise::SessionsController#create as HTML
2012-10-18T18:19:03+00:00 app[web.1]: Parameters: {"utf8"=>"✓", "authenticity_token"=>"Q+fF+9Sj2Q+X2VV34Jkrt1K8C3u4/NB6YC3yslYjkyQ=", "user"=>{"name"=>"test", "password"=>"[FILTERED]"}, "commit"=>"anmelden"}
2012-10-18T18:19:03+00:00 heroku[router]: POST pacific-beyond-5428.herokuapp.com/users/sign_in dyno=web.1 queue=0 wait=0ms service=783ms status=302 bytes=107
2012-10-18T18:19:03+00:00 app[web.1]: Redirected to http://pacific-beyond-5428.herokuapp.com/
2012-10-18T18:19:03+00:00 app[web.1]: Completed 302 Found in 577ms (ActiveRecord: 0.0ms)
2012-10-18T18:19:04+00:00 app[web.1]:
2012-10-18T18:19:04+00:00 app[web.1]:
2012-10-18T18:19:04+00:00 app[web.1]: Started GET "/" for 87.123.130.136 at 2012-10-18 20:19:04 +0200
2012-10-18T18:19:04+00:00 app[web.1]: Processing by HomeController#index as HTML
2012-10-18T18:19:04+00:00 app[web.1]: Completed 401 Unauthorized in 0ms
2012-10-18T18:19:04+00:00 heroku[router]: GET pacific-beyond-5428.herokuapp.com/ dyno=web.1 queue=0 wait=0ms service=12ms status=302 bytes=120
2012-10-18T18:19:04+00:00 app[web.1]:
2012-10-18T18:19:04+00:00 app[web.1]: Started GET "/users/sign_in" for 87.123.130.136 at 2012-10-18 20:19:04 +0200
2012-10-18T18:19:04+00:00 app[web.1]: Processing by Devise::SessionsController#new as HTML
2012-10-18T18:19:04+00:00 app[web.1]:
2012-10-18T18:19:04+00:00 app[web.1]: Rendered layouts/_navigation.html.erb (1.4ms)
2012-10-18T18:19:04+00:00 app[web.1]: Rendered devise/shared/_links.html.erb (0.7ms)
2012-10-18T18:19:04+00:00 app[web.1]: Rendered devise/sessions/new.html.erb within layouts/application (25.8ms)
2012-10-18T18:19:04+00:00 app[web.1]: Rendered layouts/_messages.html.erb (0.4ms)
2012-10-18T18:19:04+00:00 app[web.1]: Rendered layouts/_sidebar.html.erb (0.3ms)
2012-10-18T18:19:04+00:00 app[web.1]: Completed 200 OK in 33ms (Views: 31.9ms | ActiveRecord: 0.0ms)
2012-10-18T18:19:04+00:00 heroku[router]: GET pacific-beyond-5428.herokuapp.com/users/sign_in dyno=web.1 queue=0 wait=0ms service=44ms status=200 bytes=2361
2012-10-18T18:19:04+00:00 app[web.1]:
2012-10-18T18:19:04+00:00 app[web.1]:
2012-10-18T18:19:04+00:00 app[web.1]: Started GET "/assets/foundation/app.js" for 87.123.130.136 at 2012-10-18 20:19:04 +0200
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/app.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Served asset /foundation/app.js - 304 Not Modified (282ms)
2012-10-18T18:19:05+00:00 heroku[router]: GET pacific-beyond-5428.herokuapp.com/assets/foundation/app.js dyno=web.1 queue=0 wait=0ms service=297ms status=304 bytes=0
2012-10-18T18:19:05+00:00 app[web.1]:
2012-10-18T18:19:05+00:00 app[web.1]:
2012-10-18T18:19:05+00:00 app[web.1]: Started GET "/assets/foundation/index.js" for 87.123.130.136 at 2012-10-18 20:19:05 +0200
2012-10-18T18:19:05+00:00 heroku[router]: GET pacific-beyond-5428.herokuapp.com/assets/foundation/index.js dyno=web.1 queue=0 wait=0ms service=905ms status=304 bytes=0
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/modernizr.foundation.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/jquery.placeholder.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/jquery.foundation.alerts.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/jquery.foundation.accordion.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/jquery.foundation.buttons.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/jquery.foundation.tooltips.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/jquery.foundation.forms.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/jquery.foundation.tabs.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/jquery.foundation.navigation.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/jquery.foundation.topbar.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/jquery.foundation.reveal.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/jquery.foundation.orbit.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/jquery.foundation.mediaQueryToggle.js (0ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Compiled foundation/index.js (86ms) (pid 2)
2012-10-18T18:19:05+00:00 app[web.1]: Served asset /foundation/index.js - 304 Not Modified (616ms)
Does somebody have an idea?
Answer 1:
I had this same error, seeing the same symptoms on production in the Heroku logs of:
WARNING: Can't verify CSRF token authenticity
- And the 401 Unauthorized redirect after login attempt.
The resolution for me was to add domain: :all to the session_store in config/initializers/session_store.rb.
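Added example, not part of the original answer and not Rails or Devise code: a simplified Ruby model of a session-bound CSRF check, showing that a client which never sends the session cookie back reproduces both log traces from the question (the warning, and the 401 after a 302), so removing protect_from_forgery only silences the warning. `TinyApp`, its methods and `login_flow` are hypothetical names, and the "reset the session, then run the action" handling of an unverified request is a modelling assumption.

```ruby
require 'securerandom'
# Simplified model (assumption, not Rails source): server-side sessions keyed by a cookie value.
class TinyApp
  attr_reader :log

  def initialize(csrf_protection: true)
    @csrf_protection = csrf_protection
    @sessions = {}
    @log = []
  end

  # GET /users/sign_in: bind a token to the session, return [cookie, token].
  def login_form(cookie)
    sid, session = load_session(cookie)
    session[:csrf] ||= SecureRandom.base64(32)
    [sid, session[:csrf]]
  end

  # POST /users/sign_in: compare the form token with the one stored in the session.
  def sign_in(cookie, token)
    sid, session = load_session(cookie)
    if @csrf_protection && session[:csrf] != token
      @log << "WARNING: Can't verify CSRF token authenticity"
      session.clear # model assumption: session is reset, the action still runs
    end
    session[:user] = 'test' # credentials in the POST are assumed valid
    [sid, 302]
  end

  # GET /: only a session that carries a signed-in user gets 200.
  def home(cookie)
    _sid, session = load_session(cookie)
    session[:user] ? 200 : 401
  end

  private

  # An unknown or missing cookie always yields a fresh, empty session.
  def load_session(cookie)
    sid = @sessions.key?(cookie) ? cookie : SecureRandom.hex(8)
    [sid, (@sessions[sid] ||= {})]
  end
end

# Form -> POST -> GET /. keeps_cookie: false models a client that never returns the cookie.
def login_flow(app, keeps_cookie:)
  cookie, token = app.login_form(nil)
  cookie, _status = app.sign_in(keeps_cookie ? cookie : nil, token)
  app.home(keeps_cookie ? cookie : nil)
end
```

In the model, the outcome depends on whether the session cookie comes back, which is what the session_store cookie options control; the CSRF setting only decides whether the mismatch is logged.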
Source: https://stackoverflow.com/questions/12941714/rails-3-2-app-on-heroku-with-devise-cant-log-in-with-mobile-safari