我想通过在iframe的AJAX请求在我的Rails创建会话4的应用程序。
I want to create sessions in my Rails 4 application via an AJAX request in an iframe.
在IFRAME我已经包括了一个新的会话属性的表单远程:真正的
像往常一样,和包括<%= token_tag%>
形式的身体以及<%= csrf_meta_tags%GT;
在布局的头
In the iframe I've included a form for a new session with the attribute remote: true
as usual, and included <%= token_tag %>
in the form body as well as <%= csrf_meta_tags %>
in the head of the layout.
Chrome浏览器有没有问题,张贴此表格,并创建一个会话。在相同条件下的Safari导致CSRF例外。
Chrome has no problem posting this form and creating a session. Under identical conditions Safari causes a CSRF exception.
为什么会这样,我能做些什么来阻止它?据我了解,这是不是一种情况,CSRF是必不可少的,因为没有会话劫持,但我仍然持谨慎态度把它关掉了。
Why does this happen, and what can I do to stop it? As I understand it, this is not a situation where CSRF is essential, as there is no session to hijack, but I'm still wary of turning it off.
Chrome浏览器版本:31.0.1650.63
Chrome version: 31.0.1650.63
Safari浏览器版本:7.0.1
Safari version: 7.0.1
推荐答案
看来这就是著名的第三方Cookie的问题。 Safari浏览器在默认情况下禁用它们。
It seems this is the famous 'third party cookies' problem. Safari disables them by default.
更多:如何第三方&QUOT;跟踪Cookie&QUOT;工作?
相关推荐
最新文章