Closed kbklin closed 8 years ago
不需要其他配置 启动正常 检查一下是不是你自己环境有问题
可以启动了,不过登录不了,登录的时候报400,请问怎么解决 我用netty启动时没有此问题 General Remote Address:[::1]:9080 Request URL:http://localhost:9080/zblog/backend/login Request Method:POST Status Code:400 Bad Request Response Headers view source Connection:close Content-Language:en Content-Length:1011 Content-Type:text/html;charset=utf-8 Date:Mon, 30 Nov 2015 08:30:18 GMT Server:Apache-Coyote/1.1 Request Headers view source Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Encoding:gzip, deflate Accept-Language:zh-CN,zh;q=0.8 Cache-Control:max-age=0 Connection:keep-alive Content-Length:59 Content-Type:application/x-www-form-urlencoded Cookie:JSESSIONID=DCC8428BFE0FFEBF6EE560FDC99B6E13; b3log-latke="{\"userPassword\":\"c71c8821e219dfa33dd17f521660b398\",\"userEmail\":\"whonever@126.com\"}"; JSESSIONID=1h6lg6j646xvx3s0g4kdcdfgi Host:localhost:9080 Origin:http://localhost:9080 Referer:http://localhost:9080/zblog/backend/login Upgrade-Insecure-Requests:1 User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 Form Data view source view URL encoded CSRFToken:5405930555425584 guard:no username:aa password:aa
看了一下,使用tomcat启动时,StatelessCsrfFilter验证token,从cookie中获取不到x-csrf-token,所以验证不通过了,具体为什么获取不到还不清楚
@kaibinsiji 你用firebug看一下是否有x-csrf-token这个cookie,这个是在zblog.admin.js文件中的zblog.newCsrf方法产生的