Step 1
Open config/environment.rb and comment out config.action_controller.session_store = :active_record_store
Step 2
Open app/controller/application.rb,
change protect_from_forgery # :secret => 'e78949060e4f3c86c67d315af98e88dd'
to protect_from_forgery :secret => 'e78949060e4f3c86c67d315af98e88dd'
Original text:
In your environment.rb you have:
config.action_controller.session = {
:session_key => '_myapp_session',
:secret => 'secretpass'
}
uncomment
config.action_controller.session_store = :active_record_store
and add in your app/controller/application.rb
protect_from_forgery :secret => 'secretpass'
and all works well.
You should use the token_tag helper in your form to provide
the secret token needed by Rails for CSRF security reasons.
If you only do Step 1, you get this message:
No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).
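
Added example, not part of the original post and not Rails source: a simplified Ruby model of why a server-side session store needs the :secret passed to protect_from_forgery. It assumes the Rails 2.x scheme in which the form token is an HMAC-SHA1 of the session id keyed with :secret; the method names, the CSRF_SECRET variable and the sample values are constructed for illustration.

```ruby
require 'openssl'

# Simplified model of the token logic for a server-side session store such as
# :active_record_store. Method and class names are hypothetical, not Rails source.
class MissingSecret < StandardError; end

# Token = HMAC-SHA1(secret, session_id), hex encoded (assumed Rails 2.x scheme).
def form_authenticity_token(session_id, secret)
  # A server-side store has no signing key of its own, so without :secret
  # there is nothing to key the HMAC with and the call must fail.
  if secret.nil? || secret.to_s.empty?
    raise MissingSecret, 'No :secret given to the #protect_from_forgery call.'
  end
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret.to_s, session_id.to_s)
end

# Compare the submitted token with the expected one without an early exit,
# so the comparison time does not depend on how many leading bytes match.
def verified_request?(session_id, secret, submitted)
  expected = form_authenticity_token(session_id, secret)
  return false unless submitted.is_a?(String) && submitted.bytesize == expected.bytesize
  diff = 0
  expected.bytes.zip(submitted.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; a real secret belongs outside version control.
  secret     = ENV.fetch('CSRF_SECRET', 'constructed-demo-secret')
  session_id = 'constructed-session-id-1'
  token = form_authenticity_token(session_id, secret)
  puts "token for form:       #{token}"
  puts "same session accepts: #{verified_request?(session_id, secret, token)}"
  puts "other session:        #{verified_request?('constructed-session-id-2', secret, token)}"
  begin
    form_authenticity_token(session_id, nil)
  rescue MissingSecret => e
    puts "without :secret:      #{e.message}"
  end
end
```

Because the token is bound to the session id, a token issued for one session is rejected for any other, and anyone who learns the secret can compute valid tokens for any known session id.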