Devise 未登录 Google Chrome
Devise doesn't login in Google Chrome
我正在使用 Devise gem 在 Rails 网络应用程序的 Ruby 中进行用户身份验证。过程非常简单。
但是,添加Nginx和ssl证书后,我的应用程序可以在Mozilla Firefox中登录,但无法在GoogleChrome中登录。到目前为止,我唯一能找到的痕迹是我的环境日志文件中的以下几行:
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"<some token>==", "user"=>{"email"=>"email@test.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"}
HTTP Origin header (https://<domain name>) didn't match request.base_url (: https://<domain name>:80)
我的 /
的 Nginx 配置
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto: $scheme;
}
注意: 如果我从 /etc/nginx/conf.d/ssl.conf 中删除 proxy_set_header X-Forwarded-Proto: $scheme;,日志文件中的错误将更改为:
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"<some token>==", "user"=>{"email"=>"email@test.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"}
HTTP Origin header (https://<domain name>) didn't match request.base_url (http://<domain name>:3000)
有办法解决这个问题吗?
我临时修改了actionpackgem.
在lib/action_controller/metal/request_forgery_protection.rb里面actionpackgem目录我更新了:
def valid_request_origin? # :doc:
if forgery_protection_origin_check
# We accept blank origin headers because some user agents don't send it.
request.origin.nil? || request.origin == request.base_url
else
true
end
end
成为:
def valid_request_origin? # :doc:
if forgery_protection_origin_check
# We accept blank origin headers because some user agents don't send it.
request.origin.nil? || request.origin == request.base_url || request.base_url == ": https://<domain name>:80"
else
true
end
end
我正在使用 Devise gem 在 Rails 网络应用程序的 Ruby 中进行用户身份验证。过程非常简单。
但是,添加Nginx和ssl证书后,我的应用程序可以在Mozilla Firefox中登录,但无法在GoogleChrome中登录。到目前为止,我唯一能找到的痕迹是我的环境日志文件中的以下几行:
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"<some token>==", "user"=>{"email"=>"email@test.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"}
HTTP Origin header (https://<domain name>) didn't match request.base_url (: https://<domain name>:80)
我的 /
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto: $scheme;
}
注意: 如果我从 /etc/nginx/conf.d/ssl.conf 中删除 proxy_set_header X-Forwarded-Proto: $scheme;,日志文件中的错误将更改为:
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"<some token>==", "user"=>{"email"=>"email@test.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"}
HTTP Origin header (https://<domain name>) didn't match request.base_url (http://<domain name>:3000)
有办法解决这个问题吗?
我临时修改了actionpackgem.
在lib/action_controller/metal/request_forgery_protection.rb里面actionpackgem目录我更新了:
def valid_request_origin? # :doc:
if forgery_protection_origin_check
# We accept blank origin headers because some user agents don't send it.
request.origin.nil? || request.origin == request.base_url
else
true
end
end
成为:
def valid_request_origin? # :doc:
if forgery_protection_origin_check
# We accept blank origin headers because some user agents don't send it.
request.origin.nil? || request.origin == request.base_url || request.base_url == ": https://<domain name>:80"
else
true
end
end