Gem CSRF detected with omniauth and sinatra

cameo · July 03, 2014 · 2982 hits

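I wanted to test OAuth on the WeChat Official Accounts Platform, so I wrote a simple Sinatra app using the omniauth-wechat-oauth2 gem. But when it reaches /auth/wechat/callback, it always raises "CSRF detected". I Googled around and still don't know how to fix it! How can I solve this problem?

The omniauth gems I'm using: omniauth (1.2.1), omniauth-oauth2 (1.1.2), omniauth-wechat-oauth2 (0.1.0)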

# app.rb
require 'sinatra'
require 'sinatra/json'
require 'omniauth-wechat-oauth2'

WECHAT_API_KEY = 'xxxxxxxxxxxxxxxxxxxx'
WECHAT_APP_SECRET = 'xxxxxxxxxxxxxxxxxxxx'

enable :sessions

use OmniAuth::Builder do
  provider :wechat, WECHAT_API_KEY, WECHAT_APP_SECRET
end

get '/' do
  <<-HTML
  <a href='/auth/wechat'>微信登录</a>
  HTML
end

# The OAuth2 provider redirects the browser back to the callback with a GET request
get '/auth/wechat/callback' do
  auth = request.env['omniauth.auth']
  auth.inspect
end

get '/auth/failure' do
  redirect '/'
end

I also wrote another Sinatra app to test omniauth-github, and it works with no problems at all. Could this be a problem with the omniauth-wechat-oauth2 gem?
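For context on the error in the post above: omniauth-oauth2 raises "CSRF detected" when the OAuth2 `state` value it stored in the session under `omniauth.state` during the request phase does not come back on the callback. The following is an added example, not code from the post or from the gem; it models that check with plain hashes standing in for the session and request parameters, and the function names and the `provider.example.invalid` URL are hypothetical.

```ruby
require 'securerandom'
require 'uri'

# Request phase: mint a random state, keep it in the session, and send the
# same value to the provider on the authorize URL (placeholder host).
def request_phase(session, authorize_url = 'https://provider.example.invalid/authorize')
  state = SecureRandom.hex(24)
  session['omniauth.state'] = state
  uri = URI(authorize_url)
  uri.query = URI.encode_www_form(response_type: 'code', state: state)
  uri.to_s
end

# The state value a provider would echo back, read from the redirect URL.
def state_from(url)
  URI.decode_www_form(URI(url).query).to_h['state']
end

# Callback phase: classify the state check. Every result other than :ok
# is reported to the application as "CSRF detected".
def check_state(session, params)
  returned = params['state'].to_s
  return :state_param_missing if returned.empty?
  expected = session.delete('omniauth.state') # single use
  return :session_state_missing if expected.nil?
  return :state_mismatch unless returned == expected
  :ok
end

# Constructed scenarios, one per way the check can fail.
def scenarios
  kept = {}
  echoed = state_from(request_phase(kept))
  dropped = {}
  request_phase(dropped)
  {
    round_trip: check_state(kept, 'state' => echoed),
    replayed_callback: check_state(kept, 'state' => echoed),
    provider_dropped_state: check_state(dropped, {}),
    session_cookie_lost: check_state({}, 'state' => echoed),
    foreign_state: check_state(dropped, 'state' => SecureRandom.hex(24))
  }
end

scenarios.each { |name, result| puts format('%-24s %s', name, result) }
```

In a real app, the corresponding things to inspect are whether the callback URL carries a `state` parameter and whether the session cookie set during `/auth/wechat` is sent back on `/auth/wechat/callback`.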
