ruby on rails - Devise AJAX - POST request : current_user is null -


i try develop single page application authentication. use devise (rails) , angularjs. different reasons rails application , angularjs application not on same server. so, have handle cross domain issues... , can't send x-csrf-token in header. can correctly sign in , sign out , send request without problem. in rails controllers, can use current_user, it's correctly set. however, when send post request, current_user null. seems session_id not sent. problem due cross domain, because if send ajax request same server, ok.

i think, have 2 solutions : - don't use authentication cookie-based, use token - put front-end , back-end on same server.

other ideas ? why current_user null when send post request cross domain ?

you send csrf token in headers it's bad practice exposes security holes (issue thread on github explaining why)

safest way go disable csrf together:

class applicationcontroller < actioncontroller::base   # or use api::basecontroller < applicationcontroller if namespacing   # prevent csrf attacks raising exception.   # apis, may want use :null_session instead.   protect_from_forgery with: :null_session end

and use token based authentication can either implement yourself or use devise's :token_authenticatable. have configure angularjs send token either in params or headers. here's snippet use having rails figure out if token in headers or params.

class api::basecontroller < applicationcontroller   prepend_before_filter :get_auth_token     private   def get_auth_token     if auth_token = params[:auth_token].blank? && request.headers["x-auth-token"]       params[:auth_token] = auth_token     end   end end

so in end how works is:

  1. client uses login method defined authenticate
  2. obtains authentication token server
  3. uses token in each subsequent request purpose of authorization

Comments

Post a Comment

Popular posts from this blog

SPSS keyboard combination alters encoding -

my question not have programming practical issue on spss. accident keyword combination cannot remember because did not intend press changed encoding in spss , text in data in different language english shown small boxes. nevertheless, when kind of analysis performed different language text shown in output. does know reason? tried change encoding did not produce result. first, @ edit > options , see whether setting unicode or locale. might fix it. if have text in multiple languages, want unicode. otherwise, may have specific locale set wrong. can change set locale, need know locale want use.
Read more

Add new record to the table by click on the button in Microsoft Access -

in ms access form want implement separate button, adds new record table. in order added button , attached button event: private sub btnaddrec_click() refresh codecontextobject on error resume next docmd.gotorecord , , acnewrec if err.number <> 0 btnaddrec.enabled = false end if end end sub everything ok when open window , click btnaddrec button, problem when first of perform navigation through existed records , after click on button. got runtime error: 2105: «you can't go specified record. may @ end of recordset» . how solve issue, need have ability add new record on click on specific button, no matter, have walked or not walked through records before. thanks. i created simple form field call description (and autonumber) , created button code follows click event. filled number of records , navigated through them, clicked addnewrec button. form navigated new record without issues. able click addnewrec button directly after
Read more

javascript - jQuery .height() return 0 when visible but non-0 when hidden -

i have problem here right opposite others: in jquery cannot height of element when it's visible, when hidden. have html code: <div id="filtering-filter-holder"> <div id="filtering-filter-holder-inner"></div> </div> basic css it: #filtering-filter-holder { display: none; position: absolute; width: 420px; min-height: 100px; padding: 5px 5px 5px 5px; background-color: #ffffff; border: 1px solid #164372; } and finally, js in document.ready(): $('div.filtering-filter-headline').mouseenter(function() { var el = $(this).parent().find('div.filtering-filter-content'); if ($('div#filtering-filter-holder').is(':visible')) { $('div#filtering-filter-holder-inner').stop(true, true).fadeout(300, function() { $('div#filtering-filter-holder-inner').html($(el).html()); var height = $('div#filtering-filter-holder-inner&#
Read more