Rails InvalidAuthenticityToken with HTTPS + ELB

こ雲淡風輕ζ 提交于 2021-02-08 05:38:46

问题


I'm trying to get HTTPS to work for my site, but I'm getting ActionController::InvalidAuthenticityToken for all post requests. I logged the form_authenticity_param and form_authenticity_tokenand they are in fact different.

The SSL is resolved at the Elastic Load Balancer and a non-SSL request is sent to the web app. The expected CSRF token is stored in the cookie-based session, so the sessions for HTTP and HTTPS appear to expect different tokens. When using HTTP on the site, the post/put requests work fine.

I've been stuck on this problem for a bit. Any advice would be helpful


回答1:


I have the same problem, but it's not rails.

I fixed the problem by add proxy_set_header X-Forwarded-Proto https; in my nginx.config

  location @videos {
    proxy_pass http://videos;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
  }


来源:https://stackoverflow.com/questions/42060660/rails-invalidauthenticitytoken-with-https-elb

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!