Ruby China

Rails 开发环境的上传图片失败,生产环境却可以,请问哪里出了问题呢?

lgor · 2018年01月04日 · 最后由 adamshen 回复于 2018年01月05日 · 2246 次阅读

使用 vue 的 element-ui 里面的 el-upload 做图片上传,可是在开发环境怎么都不成功,每次都报 422 错误。代码如下

def img_upload
  setting = SystemSetting.select("id,welcome_img").first
  if setting.update_attributes(welcome_img: params[:welcome])
    setting.reload 
    success_res(msg: '操作成功', welcome_img: setting.welcome_img.url)
  else
    fail_res
  end
end

<el-upload
          class="img-uploader"
          action="system_settings/img_upload" 
          :data="{id: 1}"
           name="welcome"
          :show-file-list="false"
          :multiple="false"
          :on-success="handleAvatarSuccess"
          :on-error="uploadError"
          :before-upload="beforeAvatarUpload">
</el-upload>

上面的代码在生产环境是没问题的,但是开发环境就会报以下错误:

2018-01-04T10:52:36+08:00 [ INFO] 30780 : Started POST "/system_settings/img_upload" for 218.19.139.159 at 2018-01-04 10:52:36 +0800
2018-01-04T10:52:36+08:00 [ INFO] 30780 : Processing by ApplicationController#routing_error as */*
2018-01-04T10:52:36+08:00 [ INFO] 30780 :   Parameters: {"id"=>"1", "welcome"=>#<ActionDispatch::Http::UploadedFile:0x000000069c7ad8 @tempfile=#<Tempfile:/tmp/RackMultipart20180104-30780-daiso.png>, @original_filename="403.png", @content_type="image/png", @headers="Content-Disposition: form-data; name=\"welcome\"; filename=\"403.png\"\r\nContent-Type: image/png\r\n">, "path"=>"system_settings/img_upload"}
2018-01-04T10:52:36+08:00 [DEBUG] 30780 : Geokit is using the domain: 
2018-01-04T10:52:36+08:00 [ WARN] 30780 : Can't verify CSRF token authenticity.
2018-01-04T10:52:36+08:00 [ INFO] 30780 : Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)


2018-01-04T10:52:36+08:00 [FATAL] 30780 :   
2018-01-04T10:52:36+08:00 [FATAL] 30780 : ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
2018-01-04T10:52:36+08:00 [FATAL] 30780 :   
2018-01-04T10:52:36+08:00 [FATAL] 30780 : actionpack (5.0.1) lib/action_controller/metal/request_forgery_protection.rb:195:in `handle_unverified_request'
actionpack (5.0.1) lib/action_controller/metal/request_forgery_protection.rb:223:in `handle_unverified_request'
actionpack (5.0.1) lib/action_controller/metal/request_forgery_protection.rb:218:in `verify_authenticity_token'
activesupport (5.0.1) lib/active_support/callbacks.rb:382:in `block in make_lambda'
activesupport (5.0.1) lib/active_support/callbacks.rb:169:in `block (2 levels) in halting'
actionpack (5.0.1) lib/abstract_controller/callbacks.rb:12:in `block (2 levels) in <module:Callbacks>'
activesupport (5.0.1) lib/active_support/callbacks.rb:170:in `block in halting'
activesupport (5.0.1) lib/active_support/callbacks.rb:454:in `block in call'
activesupport (5.0.1) lib/active_support/callbacks.rb:454:in `each'
activesupport (5.0.1) lib/active_support/callbacks.rb:454:in `call'
activesupport (5.0.1) lib/active_support/callbacks.rb:101:in `__run_callbacks__'
activesupport (5.0.1) lib/active_support/callbacks.rb:750:in `_run_process_action_callbacks'
activesupport (5.0.1) lib/active_support/callbacks.rb:90:in `run_callbacks'
actionpack (5.0.1) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (5.0.1) lib/action_controller/metal/rescue.rb:20:in `process_action'
actionpack (5.0.1) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
activesupport (5.0.1) lib/active_support/notifications.rb:164:in `block in instrument'
activesupport (5.0.1) lib/active_support/notifications/instrumenter.rb:21:in `instrument'
activesupport (5.0.1) lib/active_support/notifications.rb:164:in `instrument'
actionpack (5.0.1) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (5.0.1) lib/action_controller/metal/params_wrapper.rb:248:in `process_action'
activerecord (5.0.1) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (5.0.1) lib/abstract_controller/base.rb:126:in `process'
actionview (5.0.1) lib/action_view/rendering.rb:30:in `process'
actionpack (5.0.1) lib/action_controller/metal.rb:190:in `dispatch'
actionpack (5.0.1) lib/action_controller/metal.rb:262:in `dispatch'
actionpack (5.0.1) lib/action_dispatch/routing/route_set.rb:50:in `dispatch'
actionpack (5.0.1) lib/action_dispatch/routing/route_set.rb:32:in `serve'
actionpack (5.0.1) lib/action_dispatch/journey/router.rb:39:in `block in serve'
actionpack (5.0.1) lib/action_dispatch/journey/router.rb:26:in `each'
actionpack (5.0.1) lib/action_dispatch/journey/router.rb:26:in `serve'
actionpack (5.0.1) lib/action_dispatch/routing/route_set.rb:725:in `call'
rack (2.0.1) lib/rack/etag.rb:25:in `call'
rack (2.0.1) lib/rack/conditional_get.rb:38:in `call'
rack (2.0.1) lib/rack/head.rb:12:in `call'
rack (2.0.1) lib/rack/session/abstract/id.rb:222:in `context'
rack (2.0.1) lib/rack/session/abstract/id.rb:216:in `call'
actionpack (5.0.1) lib/action_dispatch/middleware/cookies.rb:613:in `call'
activerecord (5.0.1) lib/active_record/migration.rb:553:in `call'
actionpack (5.0.1) lib/action_dispatch/middleware/callbacks.rb:38:in `block in call'
activesupport (5.0.1) lib/active_support/callbacks.rb:97:in `__run_callbacks__'
activesupport (5.0.1) lib/active_support/callbacks.rb:750:in `_run_call_callbacks'
activesupport (5.0.1) lib/active_support/callbacks.rb:90:in `run_callbacks'
actionpack (5.0.1) lib/action_dispatch/middleware/callbacks.rb:36:in `call'
actionpack (5.0.1) lib/action_dispatch/middleware/executor.rb:12:in `call'
actionpack (5.0.1) lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
actionpack (5.0.1) lib/action_dispatch/middleware/debug_exceptions.rb:49:in `call'
web-console (3.4.0) lib/web_console/middleware.rb:135:in `call_app'
web-console (3.4.0) lib/web_console/middleware.rb:28:in `block in call'
web-console (3.4.0) lib/web_console/middleware.rb:18:in `catch'
web-console (3.4.0) lib/web_console/middleware.rb:18:in `call'
actionpack (5.0.1) lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
railties (5.0.1) lib/rails/rack/logger.rb:36:in `call_app'
railties (5.0.1) lib/rails/rack/logger.rb:26:in `call'
sprockets-rails (3.2.0) lib/sprockets/rails/quiet_assets.rb:13:in `call'
actionpack (5.0.1) lib/action_dispatch/middleware/request_id.rb:24:in `call'
rack (2.0.1) lib/rack/method_override.rb:22:in `call'
rack (2.0.1) lib/rack/runtime.rb:22:in `call'
actionpack (5.0.1) lib/action_dispatch/middleware/executor.rb:12:in `call'
actionpack (5.0.1) lib/action_dispatch/middleware/static.rb:136:in `call'
rack (2.0.1) lib/rack/sendfile.rb:111:in `call'
railties (5.0.1) lib/rails/engine.rb:522:in `call'
rack (2.0.1) lib/rack/handler/webrick.rb:86:in `service'
/usr/local/rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/webrick/httpserver.rb:140:in `service'
/usr/local/rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/webrick/httpserver.rb:96:in `run'
/usr/local/rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/webrick/server.rb:296:in `block in start_thread'
2018-01-04T10:52:36+08:00 [ INFO] 30780 :   Rendering /usr/local/rvm/gems/ruby-2.3.1/gems/actionpack-5.0.1/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb within rescues/layout
2018-01-04T10:52:36+08:00 [ INFO] 30780 :   Rendering /usr/local/rvm/gems/ruby-2.3.1/gems/actionpack-5.0.1/lib/action_dispatch/middleware/templates/rescues/_source.html.erb
2018-01-04T10:52:36+08:00 [ INFO] 30780 :   Rendered /usr/local/rvm/gems/ruby-2.3.1/gems/actionpack-5.0.1/lib/action_dispatch/middleware/templates/rescues/_source.html.erb (2.3ms)
2018-01-04T10:52:36+08:00 [ INFO] 30780 :   Rendering /usr/local/rvm/gems/ruby-2.3.1/gems/actionpack-5.0.1/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb
2018-01-04T10:52:36+08:00 [ INFO] 30780 :   Rendered /usr/local/rvm/gems/ruby-2.3.1/gems/actionpack-5.0.1/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb (1.2ms)
2018-01-04T10:52:36+08:00 [ INFO] 30780 :   Rendering /usr/local/rvm/gems/ruby-2.3.1/gems/actionpack-5.0.1/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb
2018-01-04T10:52:36+08:00 [ INFO] 30780 :   Rendered /usr/local/rvm/gems/ruby-2.3.1/gems/actionpack-5.0.1/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb (1.0ms)
2018-01-04T10:52:36+08:00 [ INFO] 30780 :   Rendered /usr/local/rvm/gems/ruby-2.3.1/gems/actionpack-5.0.1/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb within rescues/layout (22.1ms)
2018-01-04T10:52:36+08:00 [ERROR] 30780 : 
TypeError: no implicit conversion of Yell::Silencer into String
    from /usr/local/rvm/gems/ruby-2.3.1/gems/web-console-3.4.0/lib/web_console/response.rb:11:in `insert'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/web-console-3.4.0/lib/web_console/response.rb:11:in `write'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/web-console-3.4.0/lib/web_console/middleware.rb:36:in `block in call'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/web-console-3.4.0/lib/web_console/middleware.rb:18:in `catch'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/web-console-3.4.0/lib/web_console/middleware.rb:18:in `call'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/actionpack-5.0.1/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/railties-5.0.1/lib/rails/rack/logger.rb:36:in `call_app'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/railties-5.0.1/lib/rails/rack/logger.rb:26:in `call'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/sprockets-rails-3.2.0/lib/sprockets/rails/quiet_assets.rb:13:in `call'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/actionpack-5.0.1/lib/action_dispatch/middleware/request_id.rb:24:in `call'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/rack-2.0.1/lib/rack/method_override.rb:22:in `call'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/rack-2.0.1/lib/rack/runtime.rb:22:in `call'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/actionpack-5.0.1/lib/action_dispatch/middleware/executor.rb:12:in `call'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/actionpack-5.0.1/lib/action_dispatch/middleware/static.rb:136:in `call'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/rack-2.0.1/lib/rack/sendfile.rb:111:in `call'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/railties-5.0.1/lib/rails/engine.rb:522:in `call'
    from /usr/local/rvm/gems/ruby-2.3.1/gems/rack-2.0.1/lib/rack/handler/webrick.rb:86:in `service'
    from /usr/local/rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/webrick/httpserver.rb:140:in `service'
    from /usr/local/rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/webrick/httpserver.rb:96:in `run'
    from /usr/local/rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/webrick/server.rb:296:in `block in start_thread'

请大家帮忙看看,怎么解决这个问题,谢谢!

zerzerheart #1 2018年01月04日

貌似是跨域请求的原因吧

lgor #3 2018年01月04日

@zerzerheart @chromer 我在配置文件设置

protect_from_forgery with: :null_session

或者

skip_before_action :verify_authenticity_token

没有起到效果,还是那个错

zerzerheart #4 2018年01月04日
lgor 回复

不应该是在配置文件里设置吧,应该写在 api 的 controller 里。。

lgor #5 2018年01月04日
zerzerheart 回复

嗯,是在 controller 里面设置的。不知道为什么,生产环境的并没有“Can't verify CSRF token authenticity.”这个错

lgor #7 2018年01月05日
HyeKyoZ-github 回复

我用的是 vue 写的前段,并不是 rails 自带的 html.erb,在页面上没有找到$('meta[name="csrf-token"]') 这个

HyeKyoZ-github #8 2018年01月05日
lgor 回复

你没用 application.html.erb 这样的 layout 么?

lgor #9 2018年01月05日
HyeKyoZ-github 回复

这个有设置的,但是不知道为什么,网页上确实没有找到 CSRF TOKEN 这样的,生产环境的也没有,但是生成环境不会报错~,下面是我在生产环境截的图,只有 4 个 meta,开发环境的也是只有这四个

adamshen #10 2018年01月05日
lgor 回复

development.rb 有没有设置 config.action_controller.allow_forgery_protection = false

lgor #11 2018年01月05日
adamshen 回复

刚才我试了在 development.rb 里面设置

config.action_controller.per_form_csrf_tokens = true
config.action_controller.forgery_protection_origin_check =  true

或者

config.action_controller.per_form_csrf_tokens = false
config.action_controller.forgery_protection_origin_check = false

结果还是一样的报错~ 上面两条配置是我在 config/initializers/new_framework_defaults.rb里找到的,放在development.rb里没有效果。如果用你给的这条

config.action_controller.allow_forgery_protection = true

同样没有效果,设置成 false 的话则会报 404

2018-01-05T14:32:39+08:00 [ INFO] 10578 : Started POST "/system_settings/img_upload" for 218.19.139.159 at 2018-01-05 14:32:39 +0800
2018-01-05T14:32:39+08:00 [ INFO] 10578 : Processing by ApplicationController#routing_error as */*
2018-01-05T14:32:39+08:00 [ INFO] 10578 :   Parameters: {"img"=>#<ActionDispatch::Http::UploadedFile:0x0000000621d5f8 @tempfile=#<Tempfile:/tmp/RackMultipart20180105-10578-9lv92f.png>, @original_filename="1.png", @content_type="image/png", @headers="Content-Disposition: form-data; name=\"img\"; filename=\"1.png\"\r\nContent-Type: image/png\r\n">, "path"=>"mass_msgs/img_upload"}
2018-01-05T14:32:39+08:00 [DEBUG] 10578 : Geokit is using the domain: 
2018-01-05T14:32:39+08:00 [ INFO] 10578 : Completed 404 Not Found in 1ms (Views: 0.2ms | ActiveRecord: 0.0ms)
12 楼 已删除
adamshen #13 2018年01月05日
lgor 回复

我猜是这样。

生产环境下没有问题,是因为你的 vue 和后端部署在一个域名下面。而开发环境有问题,是因为你 vue 和 rails 至少端口号肯定是不同的,所以在比对 header origin 字段和请求 url 时,域名不一致,没有过验证。

你改 development.rb 没有用,因为 new_framework_defaults.rb 会覆盖这个设置。

你在开发模式下把 new_framework_defaults 下的 config.action_controller.forgery_protection_origin_check 设为 false,然后重启 rails 进程试试。

需要 登录 后方可回复, 如果你还没有账号请 注册新账号