- 浏览: 698297 次
- 性别:
- 来自: 北京
文章分类
最新评论
-
qgm168:
...
Ruby中HmacMD5加密 -
lucky_god:
感谢楼主,写的很详细!
Redhat安装gem包报错“no such file to load — zlib”以及ruby的openssl扩展等错误的修正 -
liaozhaijk:
$("某一个dom").change() ...
jquery绑定input 文本域(text),检测值的变化 -
avalonzst:
...
Mysql启动失败Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysq -
zdz8207:
非常感谢,我的也是磁盘满了导致的问题,顺便分享下查看磁盘的命令 ...
Mysql启动失败Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysq
现在才开始rails之旅有点晚,最近在捣鼓,发现变化确实很大,下面遇到的众多问题中的一个:
link_to 删除的操作无法正常进行,就是下面这行代码
在rails2上没有任何问题,在用默认的prototype那一系列的js也可能没问题,关键是我卸载来prototype,安装的jquery。
首先是 点击 删除 链接之后,跳到了show页面,完全没有弹出框提示,造成这个问题的原因是一个低级错误,jquery的js文件没有引入
引入之后弹出框生效来(说明生成的html代码中的自定义属性被解析来),但是删除仍然是无法进行,日志中显示了下面这一句提示:
先前,我曾经把link_to改成button_to,这个是完全可以操作的,button_to的原理是生成一个form表单,这个表单是自带token authenticity,这里 token authenticity 的警告正好说明link_to所缺少的东西,我的destroy action要经过一个登录验证,每次点击删除都是进入登录页面,误导我因为哪里的代码写错了删除来session,检查代码无误后,才明白是token authenticity的问题。
添加这一行代码到layout中
解析生成的html代码如下:
这个就完全解决了,删除操作提交的token问题
关于token的问题,在stackflow有一个很好的解释
http://stackoverflow.com/questions/941594/understand-rails-authenticity-token
原文贴出来:
========================================================================================
旧文分割线
=========================================================================================
如今已经升级到3.2,情况发生了变化,只需要安装jquery-rails即可(另外layout中csrf_meta_tag 也是需要的)
Installation
Apps generated with Rails 3.1 or later include jquery-rails in the Gemfile by default. So just make a new app:
If upgrading from an older version of rails, or for rails 3.0 apps, add the jquery-rails gem to your Gemfile.
And run bundle install. The rest of the installation depends on whether the asset pipeline is being used.
Rails 3.1 or greater (with asset pipeline enabled)
The jquery and jquery-ujs files will be added to the asset pipeline and available for you to use. If they're not already in app/assets/javascripts/application.js by default, add these lines:
For jQuery UI, we recommend the jquery-ui-rails gem, as it includes the jquery-ui css and allows easier customization. This gem still packages the jQuery UI javascript for compatibility. To use it, add the following line to your application.js:
In order to use the themed parts of jQuery UI, you will also need to supply your own theme CSS (or use the jquery-ui-rails gem mentioned above).
Rails 3.0 (or greater with asset pipeline disabled)
This gem adds a single generator: jquery:install. Running the generator will remove any Prototype JS files you may happen to have, and copy jQuery and the jQuery-ujs driver for Rails (and optionally, jQuery UI) to the public/javascripts directory.
This gem will also hook into the Rails configuration process, removing Prototype and adding jQuery to the javascript files included by the javascript_include_tag(:defaults) call. While this gem contains the minified and un-minified versions of jQuery and jQuery UI, only the minified versions are included in :defaults.
To invoke the generator, run:
You're done!
link_to 删除的操作无法正常进行,就是下面这行代码
<%= link_to "删除", article_path(article.id), :method => :delete, :confirm=>"are you sure?" %>
在rails2上没有任何问题,在用默认的prototype那一系列的js也可能没问题,关键是我卸载来prototype,安装的jquery。
首先是 点击 删除 链接之后,跳到了show页面,完全没有弹出框提示,造成这个问题的原因是一个低级错误,jquery的js文件没有引入
<%= javascript_include_tag "jquery.min" %> <%= javascript_include_tag "jquery_ujs" %>(这个文件是关键)
引入之后弹出框生效来(说明生成的html代码中的自定义属性被解析来),但是删除仍然是无法进行,日志中显示了下面这一句提示:
WARNING: Can't verify CSRF token authenticity
先前,我曾经把link_to改成button_to,这个是完全可以操作的,button_to的原理是生成一个form表单,这个表单是自带token authenticity,这里 token authenticity 的警告正好说明link_to所缺少的东西,我的destroy action要经过一个登录验证,每次点击删除都是进入登录页面,误导我因为哪里的代码写错了删除来session,检查代码无误后,才明白是token authenticity的问题。
添加这一行代码到layout中
<%= csrf_meta_tag %>
解析生成的html代码如下:
<meta content="authenticity_token" name="csrf-param"> <meta content="wItbwqqVKfksJM4XuF8JteFBpSMhgr3IRYWLCmyXi2c=" name="csrf-token">
这个就完全解决了,删除操作提交的token问题
关于token的问题,在stackflow有一个很好的解释
http://stackoverflow.com/questions/941594/understand-rails-authenticity-token
原文贴出来:
引用
What happens: When the user views a form to create, update, or destroy a resource, the rails app would create a random authenticity_token, store this token in the session, and place it in a hidden field in the form. When the user submits the form, rails would look for the authenticity_token, compare it to the one stored in the session, and if they match the request is allowed to continue.
Why this happens: Since the authenticity token is stored in the session, the client can not know its value. This prevents people from submitting forms to a rails app without viewing the form within that app itself. Imagine that you are using service A, you logged into the service and everything is ok. Now imagine that you went to use service B, and you saw a picture you like, and pressed on the picture to view a larger size of it. Now, if some evil code was there at service B, it might send a request to service A (which you are logged into), and ask to delete your account, by sending a request to http://serviceA.com/close_account. This is what is known as CSRF (Cross Site Request Forgery).
If service A is using authenticity tokens, this attack vector is no longer applicable, since the request from service B would not contain the correct authenticity token, and will not be allowed to continue.
Notes: Keep in mind, rails only checks POST, PUT, and DELETE requests. GET request are not checked for authenticity token. Why? because the HTTP specification states that GET requests should NOT create, alter, or destroy resources at the server, and the request should be idempotent (if you run the same command multiple times, you should get the same result every time).
Lessons: Use authenticity_token to protect your POST, PUT, and DELETE requests. Also make sure not to make any GET requests that could potentially modify resources on the server.
Why this happens: Since the authenticity token is stored in the session, the client can not know its value. This prevents people from submitting forms to a rails app without viewing the form within that app itself. Imagine that you are using service A, you logged into the service and everything is ok. Now imagine that you went to use service B, and you saw a picture you like, and pressed on the picture to view a larger size of it. Now, if some evil code was there at service B, it might send a request to service A (which you are logged into), and ask to delete your account, by sending a request to http://serviceA.com/close_account. This is what is known as CSRF (Cross Site Request Forgery).
If service A is using authenticity tokens, this attack vector is no longer applicable, since the request from service B would not contain the correct authenticity token, and will not be allowed to continue.
Notes: Keep in mind, rails only checks POST, PUT, and DELETE requests. GET request are not checked for authenticity token. Why? because the HTTP specification states that GET requests should NOT create, alter, or destroy resources at the server, and the request should be idempotent (if you run the same command multiple times, you should get the same result every time).
Lessons: Use authenticity_token to protect your POST, PUT, and DELETE requests. Also make sure not to make any GET requests that could potentially modify resources on the server.
========================================================================================
旧文分割线
=========================================================================================
如今已经升级到3.2,情况发生了变化,只需要安装jquery-rails即可(另外layout中csrf_meta_tag 也是需要的)
引用
Installation
Apps generated with Rails 3.1 or later include jquery-rails in the Gemfile by default. So just make a new app:
rails new myapp
If upgrading from an older version of rails, or for rails 3.0 apps, add the jquery-rails gem to your Gemfile.
gem "jquery-rails"
And run bundle install. The rest of the installation depends on whether the asset pipeline is being used.
Rails 3.1 or greater (with asset pipeline enabled)
The jquery and jquery-ujs files will be added to the asset pipeline and available for you to use. If they're not already in app/assets/javascripts/application.js by default, add these lines:
//= require jquery //= require jquery_ujs
For jQuery UI, we recommend the jquery-ui-rails gem, as it includes the jquery-ui css and allows easier customization. This gem still packages the jQuery UI javascript for compatibility. To use it, add the following line to your application.js:
//= require jquery-ui
In order to use the themed parts of jQuery UI, you will also need to supply your own theme CSS (or use the jquery-ui-rails gem mentioned above).
Rails 3.0 (or greater with asset pipeline disabled)
This gem adds a single generator: jquery:install. Running the generator will remove any Prototype JS files you may happen to have, and copy jQuery and the jQuery-ujs driver for Rails (and optionally, jQuery UI) to the public/javascripts directory.
This gem will also hook into the Rails configuration process, removing Prototype and adding jQuery to the javascript files included by the javascript_include_tag(:defaults) call. While this gem contains the minified and un-minified versions of jQuery and jQuery UI, only the minified versions are included in :defaults.
To invoke the generator, run:
rails generate jquery:install #--ui to enable jQuery UI
You're done!
发表评论
-
Ubuntu下rails程序链接oracle数据库
2015-09-17 15:32 2511rails支持oracle数据库连接 一、下载安装(解压)依 ... -
rails查询清除默认排序
2015-05-28 21:01 964User.all.order('id desc ').reor ... -
sunspot-rails无法启动,后台访问404错误
2015-03-18 15:20 1092问题是这样的: bundle exec rake suns ... -
使用Vbox虚拟机Ubuntu搭建Rails开发环境
2015-03-16 13:50 0本文部署环境为Vbox虚拟 ... -
nokogiri的gem安装错误
2015-02-10 12:56 3249安装nokogiri错误 Error installing ... -
ubuntu中ruby使用文字生成图片以及汉字不显示(或者乱码)的问题
2014-12-23 10:29 2359ruby中使用IMGKit这个gem可以完成文字以及html生 ... -
Passenger无法加载github源的gem包问题
2014-07-07 16:06 612添加github的项目源之后,项目在产品模式下报错,使用的是p ... -
启动错误Passenger::SecurityException “Line too long”
2014-06-21 10:08 1671项目不能启动,nginx错误日志中 引用 Pool2/Im ... -
rails中try的用法
2014-04-01 17:16 1332try的用法还是挺好的,避免异常,除法看上去有点特殊,其实也就 ... -
Rails的旧版本API
2014-02-27 15:47 966rails官网的api查询默认是最新版本 http://api ... -
Vbox虚拟机访问rails程序,BetterErrors的使用无效的问题
2014-02-14 15:12 1049BetterErrors可谓是一个调试程序的一个神器,他会把错 ... -
Rails3使用easy_captcha来实现验证码
2013-07-17 10:58 3637easy_captcha是一个比较简洁的用来做验证码的gem插 ... -
ubuntu 中passenger安装nginx部署rails 问题
2013-06-21 10:08 2042Passenger有一个专门安装nginx的模块,安装起来非常 ... -
Rails3程序在产品模式下出现assert文件404错误的问题
2013-03-07 17:47 1444rails3程序部署产品模式之后 出现以下静态文件错误 1 ... -
rspec页面元素测试
2013-02-19 09:32 1276使用rspec测试页面元素 get :new ... -
rvm安装ruby,gem,rails,之后仍然无法找到rails命令
2012-11-29 10:18 4813又在这里在栽跟头了,很久之前遇到过,没想到这次还是遇到了。真是 ... -
Rails设置url末端以斜杠为终止符
2013-06-13 17:06 1104局部设置 link_to 'Companies', compa ... -
rails3使用devise问题小记
2012-10-29 21:09 0$ rails generate devise:install ... -
paperclip一些使用技巧
2012-07-29 12:10 1459一、关于styles设置,缩略图的切割策略 有两个符号,一个是 ... -
Rails获取用户访问的ip
2012-07-26 10:06 5043在rails中获取rails的ip值 ...
相关推荐
这是最新的Rails 3.1 实战,包括TDD、BDD等实用技术。
= link_to “Issues”, {:controller => “issue”, :action => “index”}, {:onclick => “alert(1)”} %> 但是值得注意的就是,link_to 的第二个参数,必须是以 map 的形式给出,才能达到这样的效果。...
Rails 3.1 和 Cucumber-Rails 1.2.0 是两个在Web开发领域非常重要的工具,尤其对于Ruby on Rails框架的测试和自动化流程。本文将深入探讨这两个组件,以及它们如何协同工作来增强软件开发的效率和质量。 首先,...
由于在Windows上直接安装可能会遇到问题,可以尝试使用预编译的二进制版本,或者在命令行中运行`gem install mysql2 --platform=ruby -- --with-mysql-dir="C:\path\to\mysql\installation"`,其中"C:\path\to\mysql...
一个简单的gem,可以使用标准的Rails link_to helper在链接上实现活动状态。 这对导航列表或按钮有帮助,当当前URL匹配链接帮助器上的条件时,为他们提供一个类。 安装 将此行添加到您的应用程序的Gemfile中: gem...
rails_semantic_logger, Rails 语义记录器用语义记录器替换 Rails 缺省记录器 Rails 语义记录器 语义记录器用语义记录器替代 Rails 缺省记录器。http://github.com/rocketjob/rails_semantic_logger文档有关完整文档...
rails_apps_composer, 一个 gem,为 Rails 启动应用程序创建 Rails 应用程序模板 Rails 应用编辑器 Rails 应用程序编辑器 gem 安装一个 命令行 工具来从"食谱"的Collection 组装 Rails 应用程序。"你可以使用 rails_...
"inspinia admin - v2.5 Rails_Full_Version" 是一个基于Rails框架构建的后台管理系统的完整版本。这个系统采用流行的Inspinia Admin模板,提供了丰富的功能和自定义选项,旨在帮助开发者快速构建高效、现代且用户...
### 敏捷Web开发与Rails 4th Edition (Rails 3.1)——全面解析 #### 核心知识点概述 《敏捷Web开发与Rails》第四版涵盖了最新的Rails 3.1版本,是一本旨在帮助开发者快速掌握Ruby on Rails框架的核心书籍。本书...
7. **文档齐全**:InspiniaAdmin提供了详细的文档和示例代码,有助于开发者快速上手和解决遇到的问题。 在Rails_Full_Version压缩包中,包含了完整的源代码和必要的资源文件,开发者可以通过解压并导入到Rails项目...
backbone-rails, 在 Rails 3.1中轻松使用 backbone.js 主干 rails 轻松设置并使用 Rails 3.1和更高版本的backbone.js ( 1.2.2 )##Version#####Github 主 branch###gem 版本:1.2.2Backbone 版本:1.
本资料“RestFul_Rails_Dev_pdf_v_0.1.zip”包含了《RESTful Rails Development》的翻译版,将深入探讨如何在Rails中实现RESTful的设计模式。 首先,RESTful设计的核心概念是资源(Resources)。在Rails中,资源...
由于Rails不断更新,新功能的引入或API的修改都可能导致代码兼容性问题。为了确保代码的正确运行,作者建议在使用本书示例代码之前,先检查自己所用的Rails版本是否与书中的版本一致。如果使用的是后续版本,应当...
tiny_mce, Ruby on Rails 插件( pre Rails 3.1 ),允许你轻松地将TinyMCE编辑器实现到你的应用程序中 用于 Rails的 TinyMCE因为我没有时间维护它,而且代码库处于不一致状态,所以这个 gem 被折旧 ! 似乎如下笔记。...
在这个Rails_Seed_Project中,开发者可以找到一个典型的Rails应用结构,包括Gemfile、config.ru、database.yml等核心配置文件,以及models、controllers、views和assets等目录,它们分别对应着业务逻辑、数据操作、...
rails_best_practices rails_best_practices是用于检查Rails代码质量的代码度量工具。 它支持以下ORM / ODM: 活动记录 蒙古型 mongomapper 以及以下模板引擎: erb 哈姆 减肥 拉布尔 rails_best_practices...
《Inspinia Admin - v2.5 Rails Seed Project:打造高效后台管理的全面解析》 在Web开发领域,后台管理界面的设计与实现是一项至关重要的任务,它直接影响到开发者的工作效率和用户体验。Inspinia Admin是一款广受...
LinkToAction 助手集:link_to_new,link_to_index,link_to_show,link_to_edit,link_to_destroy 额外帮手:link_to_back 启用了Twitter Bootstrap的演示应用程序源: 想要与一起使用此宝石吗? 提出。为什么Rails...
在Rails 3.1版本中,引入了许多重要更新和改进,使得这个框架更加高效且功能丰富。 首先,让我们深入了解Rails 3.1在资产管道(Asset Pipeline)方面的重要变革。资产管道是一种整合和优化应用程序中CSS、...