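I had the same problem. There are two ways to solve it:

1. Monkey patch (not recommended)

In config/initializers/direct_uploads.rb:

    require 'active_storage/direct_uploads_controller'

    # Reopen the stock controller and fall back to an empty session on CSRF failure
    class ActiveStorage::DirectUploadsController
      protect_from_forgery with: :null_session
    end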

2. Custom controller (recommended)

Assuming you have an API endpoint /api/v1:

config/routes.rb

    namespace :api do
      scope module: 'v1', path: 'v1' do
        resources :direct_uploads, only: [:create]
      end
    end

app/controllers/api/v1/direct_uploads_controller.rb

    class Api::V1::DirectUploadsController < ActiveStorage::DirectUploadsController
      # Should only allow null_session in API context, so request is JSON format
      protect_from_forgery with: :null_session, if: Proc.new { |c| c.request.format == 'application/json' }

      # Also, since authenticity verification by cookie is disabled, you should implement your own logic:
      before_action :verify_user

      private

      def verify_user
        # Answer 401 when the Doorkeeper token is missing or its owner does not exist,
        # instead of failing with an unhandled exception
        owner_id = doorkeeper_token && doorkeeper_token[:resource_owner_id]
        head :unauthorized unless owner_id && User.exists?(id: owner_id)
      end
    end

And change the DirectUpload instance to use the correct endpoint:

    const upload = new DirectUpload(this.state.file, "/api/v1/direct_uploads");

Hope this helps. Cheers!
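
The custom controller above authenticates with a Doorkeeper token instead of the session cookie, so the client has to send that token on the blob-creation request. The following is an added example, not part of the original answer: it uses the `directUploadWillCreateBlobWithXHR` delegate hook of `DirectUpload`, and the names `bearerDelegate`, `uploadWithToken` and `getToken` are hypothetical. The `DirectUpload` class is passed in as a parameter (an assumption made so the block has no import).

```javascript
// Added example (not the answer's code). Assumes the app already holds a
// Doorkeeper access token and exposes it through getToken() (hypothetical).

// Delegate that attaches the bearer token to the request that creates the
// blob record on /api/v1/direct_uploads. It deliberately defines no
// directUploadWillStoreFileWithXHR hook: that second request goes to the
// storage service's signed URL, and the API token must not be sent there.
function bearerDelegate(token) {
  return {
    directUploadWillCreateBlobWithXHR(xhr) {
      xhr.setRequestHeader("Authorization", `Bearer ${token}`);
    },
  };
}

// Start a direct upload and resolve with the blob's signed_id.
// Fails closed: without a token no request is made at all.
function uploadWithToken(DirectUploadClass, file, getToken,
                         url = "/api/v1/direct_uploads") {
  return new Promise((resolve, reject) => {
    const token = getToken();
    if (!token) {
      reject(new Error("missing access token"));
      return;
    }
    const upload = new DirectUploadClass(file, url, bearerDelegate(token));
    upload.create((error, blob) => {
      if (error) {
        reject(error);
      } else {
        resolve(blob.signed_id);
      }
    });
  });
}
```

In the component from the answer this would be called as `uploadWithToken(DirectUpload, this.state.file, getToken)`, with `DirectUpload` imported from the Active Storage JavaScript package.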