问题
I have a site created with Rails using Devise for authentication. It works perfectly fine in Chrome, but in Firefox I cannot log in. All I can see is a message in log:
WARNING: Can't verify CSRF token authenticity
And the login screen comes back without any error messages.
Can someone give me a hint where to look after what is happening?
回答1:
I had exactly the same problem. Login was working in Chrome and not in FF.
The problem was not related to CSRF since I commented out protect_from_forgery and tried to signin but I wasn't allowed to. The only difference was that the warning message disappeared.
After some debugging I found out that the problem is related to session and :domain => :all setting for the session store.
MyApp::Application.config.session_store :cookie_store, key: '_myapp_session', :domain => :all
After I removed :domain => all, I was able to login using Firefox. Hope that this will help someone even though the answer arrives two months late.
来源:https://stackoverflow.com/questions/19132050/rails-csrf-validation-in-firefox