Question
I'm trying to get HTTPS to work for my site, but I'm getting ActionController::InvalidAuthenticityToken for all post requests. I logged the form_authenticity_param and form_authenticity_token and they are in fact different.
The SSL is resolved at the Elastic Load Balancer and a non-SSL request is sent to the web app. The expected CSRF token is stored in the cookie-based session, so the sessions for HTTP and HTTPS appear to expect different tokens. When using HTTP on the site, the post/put requests work fine.
I've been stuck on this problem for a bit. Any advice would be helpful.
Answer 1:
I have the same problem, but it's not Rails.
I fixed the problem by adding proxy_set_header X-Forwarded-Proto https; in my nginx.config:

    location @videos {
        proxy_pass http://videos;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell the backend that the client connection was HTTPS
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        proxy_redirect off;
    }
Source: https://stackoverflow.com/questions/42060660/rails-invalidauthenticitytoken-with-https-elb
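The following is an added example, not code from the question, the answer, Rails or Rack. It is a simplified model of why the header in the answer matters behind a TLS-terminating balancer. The host name `app.example.test`, the helper names, and the assumptions that the app flags its session cookie Secure and compares the Origin header with its own base URL are all illustrative.

```ruby
# Added example: a simplified model of the scheme logic, not Rails or Rack source.

# Scheme the backend believes the client used. Behind a TLS-terminating
# balancer the socket is plain HTTP, so only X-Forwarded-Proto reveals HTTPS.
def effective_scheme(env)
  forwarded = env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").first.to_s.strip.downcase
  return forwarded if %w[http https].include?(forwarded)
  env.fetch("rack.url_scheme", "http")
end

def base_url(env)
  "#{effective_scheme(env)}://#{env.fetch('HTTP_HOST')}"
end

# Two scheme-dependent checks that can make CSRF verification fail.
def diagnose(env)
  origin = env["HTTP_ORIGIN"]
  {
    scheme: effective_scheme(env),
    # Same-origin check: the browser's Origin must equal the app's own base URL.
    origin_matches: origin.nil? || origin == base_url(env),
    # A Secure-flagged session cookie is only issued on requests seen as HTTPS;
    # without it the session, and the token stored in it, is new on every request.
    secure_session_cookie_issued: effective_scheme(env) == "https"
  }
end

# Constructed sample: a browser POST to https://app.example.test as it
# arrives at the backend after the balancer has terminated TLS.
BACKEND_ENV = {
  "REQUEST_METHOD" => "POST",
  "rack.url_scheme" => "http",
  "HTTP_HOST" => "app.example.test",
  "HTTP_ORIGIN" => "https://app.example.test"
}.freeze

WITHOUT_HEADER = diagnose(BACKEND_ENV)
WITH_HEADER = diagnose(BACKEND_ENV.merge("HTTP_X_FORWARDED_PROTO" => "https"))

if __FILE__ == $PROGRAM_NAME
  puts "without X-Forwarded-Proto: #{WITHOUT_HEADER}"
  puts "with X-Forwarded-Proto:    #{WITH_HEADER}"
end
```

Hard-coding `https` as in the answer marks every proxied request as HTTPS, so it is only accurate when plain-HTTP traffic cannot reach that location.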