我收到此错误,但我不知道为什么。我特别排除了 CSRF 检查。这#webhook
即使在生产中,该方法也有效。其他类似的问题是关于 Devise 的,但我没有在此控制器中使用 Devise。
stripes_controller.rb
class StripesController < ApplicationController
Stripe.api_key = ENV['STRIPE_PRIVATE']
protect_from_forgery :except => [:webhook, :create]
def show
end
def create
# Amount in cents
@amount = params[:amount]
customer = Stripe::Customer.create(
:email => params[:stripeEmail],
:source => params[:stripeToken]
)
charge = Stripe::Charge.create(
:customer => customer.id,
:amount => @amount,
:description => 'Membership Fee',
:currency => 'usd'
)
render :show
rescue Stripe::CardError => e
flash[:error] = e.message
redirect_to stripe_path
end
routes.rb
resource :stripe do
Log
Started POST "/stripe/" for 127.0.0.1 at 2018-01-03 11:58:17 -0500
Processing by StripesController#create as HTML
Parameters: {"amount"=>"100", "stripeToken"=>"tok_1BgFZ2IYOmXNPhc121HxNtw0", "stripeEmail"=>"[email protected] /cdn-cgi/l/email-protection"}
Rendering stripes/show.haml within layouts/application
Rendered stripes/show.haml within layouts/application (2.0ms)
User Load (3.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 1], ["LIMIT", 1]]
(2.0ms) BEGIN
(1.0ms) COMMIT
Completed 401 Unauthorized in 3533ms (ActiveRecord: 6.0ms)
Started GET "/" for 127.0.0.1 at 2018-01-03 11:58:21 -0500
Rails 默认开启:debug
日志级别。http://guides.rubyonrails.org/v5.0/debugging_rails_applications.html#log-levels http://guides.rubyonrails.org/v5.0/debugging_rails_applications.html#log-levels
我能够通过设置重现它
devise.rb
config.timeout_in = 1.minute # 8.hours
如果我登录并处于活动状态,它工作正常,但如果会话超时,则会导致此 401 问题。
这是来自浏览器的请求/响应。它显示成功和 302 响应,而不是 401。但它在服务器控制台日志中显示 401。
POST /stripe/ HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Content-Length: 82
Cache-Control: max-age=0
Origin: http://localhost:3000
Content-Type: application/x-www-form-urlencoded
...
HTTP/1.1 302 Found
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: http://localhost:3000/
Content-Type: text/html; charset=utf-8
浏览器网络日志中没有任何 401 响应,即使按状态排序,即使使用 Preserver Log。
导轨 5.0.2